List News Background articles Commentaries Development/Java IT Security Computer Guides & Tips

Please understand: Secure Programming is not 'Hacking' (Skillshare)!

Added at 01/08/2021 by Frank Hissen

Usually, you won’t find blog posts like this one from me. They are kind of off-topic. I will definitely put it in the ‘news’ section only...

This article was also published on LinkedIn.

Since round about 2015, I started publishing online courses on the side. I studied computer science with an emphasis on IT security as well as cryptography and because of some coincidence, I started to give seminars in real life straight after graduation. Don’t get me wrong, I am not a full time teacher. I am first and foremost an IT/security consultant and software developer, but I always enjoyed ‘teaching’ people in all kinds of IT-related stuff. Anyhow, since online course and webinar platforms became popular, I enjoy publishing courses from time to time, besides blogging.

The focus of my courses is IT security and my specialization – application security and cryptography. I recently published the first version of a new online video course called “Secure Programming of Web Applications – For Developers and Project Managers” (also on Udemy). Nothing big, I do not expect a huge revenue but – also because of pandemic time – I always wanted to start a course like this and now it is live. From experience, I can tell that development projects – no matter how big the company – usually do not allow for enough time to take care about secure programming. Hence, we read about so many successful attacks on famous web site or web applications. Not all of them happening on the application-level, of course. But a huge part.

One of the platforms I wanted to publish the course is “Skillshare”. I do not know their market share but I believe this is a household name in the online teaching market. Their concept is a little different from others as far as I understand.

So, I publish the video course successfully and about five hours later, the course gets closed and I receive a “Strike Notification”. Why? - I quote:

“Skillshare does not permit classes about ethical hacking, as this topic contains sensitive material that may be misused”

Okay, interesting. This surely differs from other platforms, but I totally respect that. However, while I know a lot about hacking, I have never published any hacking tutorials or similar. So I tried to explain and replied:

“I do not demonstrate hacking techniques or hacking tools. I show code constructs of vulnerable code and how to make it right. This has nothing to do with hacking. It is about learning how to code securely.“

I really just look from the developing point of view, so “the other” side. I was part of many security projects. Pointing out security vulnerabilities is one thing, making it better and at best preventing them is at least as important.

Maybe the chapter titles, I have chosen, are a problem, for instance “Cross-Site Scripting (XSS)” (a subchapter of “Well-known Attacks and their Prevention”), but I am not saying, the person responsible only took to a look at the curriculum. Why I chose these chapters? Because XSS etc. are common expressions and well-known problems.

Please note that “Skillshare” has a course category called “IT Security”! To cut things short, they gave me a standard response that their decision stands, I asked for an example in which chapter they would see a “hacking tutorial”, but they do not respond.

I think, if you publish tons of courses about “web development”, it makes total sense to add one about “secure web development”. At the very end, developers often get the blame for ‘programming errors’ causing security issues. In my practical experience with IT projects, developers are most often not given the time – also not further training. I think it’s too bad. “Skillshare” seemed to be a good fit.

About

HissenIT, is a small business company from Germany focusing on IT software development, programming and consulting. Founder and computer scientist Frank Hissen has over 24 years of experience in various positions in IT projects - today offering special services from experience in IT security, web application security and encryption solutions.

Keywords

IT Security, Hacking, Ethical Hacking, Secure Code, Secure Programming, Online Training, Video Course, Training Course, Webinar

Categories: News


Comments

Post your comment

Share

If you like this page, it would be a great thing if you share it with others:

Mail Facebook Twitter Pinterest LinkedIn
reddit Digg StumbleUpon XING
WhatsApp Telegram