---
tags: devtools2022
---

# 2022 Fundamentals in Developer Tools

## Learning Outcome

By the end of this course, participants should be able to / can expect to:

* **Utilise** advanced git skills as version control in a collaborative environment
* **Explain** the basics of Linux OS and the role of shell (bash or zsh)
* **Explain** basics of Computer Networks and the internet protocol stack
* **Identify** common web application vulnerabilities and **apply** various mitigation techniques
* **Deploy** web services in the cloud (AWS), **set up** its network environment and **utilise** various developer tools to maintain its security and availability
* **Write** shell scripts to **attack** various basic network and OS vulnerabilities
* **Explain** the fundamental differences between a VM and Container
* **Write** Dockerfile/docker-compose file and deploy web services using Docker
* **Create** a simple REST API (backend) and a simple frontend CRUD app

## Timeline

Full day: 17, 18, 19, 20 Oct 2022

Half day: 4 Nov 2022 (consultation PM), 11 Nov 2022 (presentation PM)

## Syllabus

Instructor: Natalie Agus and David Yau

Each AM and PM section includes 1 hr of hands-on (we let participants try)

1. **[Day1 AM Part 1 Natalie]** Introduction to AWS, setting up environment, getting started
    * Installation of necessary programs, setting up EC2
    * Setting up starter project and running it
    * Test sample site
    * **Notes**:
        * http://tiny.cc/devtools2022-day1-AM-1
2. **[Day1 AM Part 2 Natalie]** **Basics** of Operating System (theoretical introduction):
    * OS Kernel, role of Operating System
    * File system permission and different user permissions
    * Basics of shell and commands
    * TOCTOU bug
    * **Notes**:
        * http://tiny.cc/devtools2022-day1-AM-2
        * http://tiny.cc/devtools2022-day1-AM-3
3. **[Day1 PM Natalie]** Introduction to git and GitHub for **development** and **collaboration**:
    * **Basic git**: nodes and head, staging, committing, rebasing, push, push to remote, pull, fix merge conflicts, using VSCode with git
    * **Advanced git** tools for project collaboration: merge vs rebase, reset, checkout, reflog, squash and bisect, cherry pick, dotfiles management and ignore files, git prune, submodules and subtree.
    * **Notes**:
        * http://tiny.cc/devtools2022-day1-PM-1
        * http://tiny.cc/devtools2022-day1-PM-2
4. **[Day2 AM David]** Shell **functions** and shell **attacks**:
    * Define functions in bash shell
    * Shellshock attack on CGI programs
    * Reverse shell
5. **[Day2 PM Part 2 Natalie]** Network environment for tool development:
    * Cont'd from Day 1PM:
        * **Git Hooks**: http://tiny.cc/devtools2022-git-hooks (tentative)
    * Basics of the **Internet**:
        * Protocol Stack
        * LAN, WAN, NAT
        * DNS
        * Lab with AWS Route 53, Wireshark
    * **Notes**:
        * http://tiny.cc/devtools2022-day2-PM-1
6. **[Day3 AM David]** Fundamentals of **Network Security**:
    * SSL/TLS concepts, VPN access
    * Interacting with a real TLS server + browser, what's required for proper certification requirements with HTTPS
    * Public key infrastructure and chain of **trust**
    * **MITM** Attack
7. **[Day3 PM David]** **Web Application** and its **vulnerabilities**:
    * HTTP/HTTPS
    * Web technologies (e.g., GET, POST, CGI, PHP, cookies, same-site vs. cross-site access, web database, etc), particularly their implications for web security
    * TLS client-side programming for secure web access with trusted CA certs
    * TLS server-side programming for implementing HTTPS server
    * Web attacks: Cross Site Scripting (XSS), Cross-Site Request Forgery, SQL injection
8. **[Day4 AM David]** Defining **Trustworthy** Applications and **REST** Architectural Constraints:
    * CORS
    * Cookies
    * Best practices for REST API design
    * REST API (mysql + node) demo: https://hackmd.io/@Crimsonlycans/r1ZGJaAfs
9. **[Day4 PM Natalie]** Deploying Applications with **Docker**:
    * Introduction to Basic **Docker** concepts
    * Differences between containers vs VM
    * Basic docker commands and docker-compose
    * `chroot` jail
    * Building container from scratch
    * **Notes**:
        * http://tiny.cc/devtools2022-day4-PM-1

## Final Project

**Due: 11 Nov 2022, 12PM**

Handout can be found here: http://tiny.cc/devtools2022-project