Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Program Security - Updated security introduction lesson (#395)
* Updated security intro lesson
* Updated security lesson
* Update content/courses/program-security/security-intro.md
  Co-authored-by: Mike MacCana <[email protected]>
* Update content/courses/program-security/security-intro.md
  Co-authored-by: Mike MacCana <[email protected]>
* Update content/courses/program-security/security-intro.md
  Co-authored-by: Mike MacCana <[email protected]>
* Update content/courses/program-security/security-intro.md
  Co-authored-by: Mike MacCana <[email protected]>
* Update content/courses/program-security/security-intro.md
  Co-authored-by: Mike MacCana <[email protected]>
* Update content/courses/program-security/security-intro.md
  Co-authored-by: Mike MacCana <[email protected]>
* Change branch name
* Merged changes
* Fixed links and content
* Added callout
* Added callout
* Added grammar fix
* Added grammar fix

---------

Co-authored-by: Mike MacCana <[email protected]>
1 parent 16914c6, commit 540ad6e
Showing 1 changed file with 36 additions and 38 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,48 +1,46 @@ | ||
--- | ||
title: How to approach the Program Security module | ||
title: How to Approach the Program Security Course | ||
objectives: | ||
- understand how to approach the Program Security Module | ||
- Understand how to approach the Program Security Course | ||
description: | ||
"Learn how to think intelligently about security for your onchain programs, | ||
whether developing in Anchor or in Native Rust." | ||
whether developing in Anchor or Native Rust." | ||
--- | ||
|
||
## Overview | ||
|
||
The goal of this course is to expose you to a wide variety of common security | ||
exploits that are unique to Solana development. We’ve heavily modeled this | ||
course off Coral's | ||
[Sealevel Attacks](https://github.com/coral-xyz/sealevel-attacks) repo. | ||
This course aims to introduce you to a range of common security exploits unique | ||
to Solana development. We’ve modeled this course heavily on Coral's | ||
[Sealevel Attacks](https://github.com/coral-xyz/sealevel-attacks) repository. | ||
|
||
We've covered program security in our | ||
Program security is covered in our | ||
[Anchor](/content/courses/onchain-development.md) and | ||
[native Rust](/content/courses/native-onchain-development.md) development | ||
courses because we wanted to make sure that anyone deploying programs to Mainnet | ||
right out of the gates had at least a basic understanding of security. And if | ||
that’s you then hopefully the fundamental principles you learned in that lesson | ||
have led to you avoiding some common Solana exploits on your own. | ||
|
||
This unit is meant to build on top of that lesson with two goals in mind: | ||
|
||
1. To expand your awareness of the Solana programming model and the areas where | ||
you need to focus to close up security loopholes in your programs | ||
2. To show you the array of tools provided by Anchor to help you keep your | ||
programs secure | ||
|
||
If you went through the Basic Security lesson, the first few lessons should seem | ||
familiar. They largely cover topics we discussed in that lesson. After that, | ||
some of the attacks may seem new. We encourage you to go through all of them. | ||
|
||
The last thing to call out is that there are a lot more lessons in this course | ||
than in prior course. And the lessons aren't dependent on each other in the same | ||
ways, so you can bounce around a bit more if you'd like. | ||
|
||
Originally, we were going to have more, shorter lessons in this course. And | ||
while they might be shorter than average, they aren't much shorter. It turns out | ||
that even though each of the security vulnerabilities is "simple," there's a lot | ||
to discuss. So each lesson may have a little bit less prose and more code | ||
snippets, making it easy for readers to choose how in depth to go. But, | ||
ultimately, each lesson is still as fully-fledged as they have been before so | ||
that you can really get a solid grasp on each of the discussed security risks. | ||
|
||
As always, we appreciate feedback. Good luck digging in! | ||
[Native Rust](/content/courses/native-onchain-development.md) development | ||
courses to ensure that anyone deploying programs to Mainnet has at least a basic | ||
understanding of security. Those courses should help you avoid some common | ||
Solana exploits on your own. | ||
|
||
This course builds on those courses with two main goals: | ||
|
||
1. Expand your awareness of the Solana programming model and highlight areas | ||
where you need to focus to close security loopholes. | ||
2. Introduce you to the tools provided by Anchor to help keep your programs | ||
secure, and show native Rust users how to implement similar techniques on | ||
their own. | ||
|
||
While the first few lessons in this course cover topics similar to those in the | ||
[Anchor course](/content/courses/onchain-development/intro-to-anchor.md) or | ||
[Program Security lesson](/content/courses/native-onchain-development/program-security.md) | ||
in the [Native Course](/content/courses/native-onchain-development.md), but as | ||
you progress, you’ll encounter new types of attacks. We encourage you to explore | ||
all of them. | ||
|
||
<Callout> | ||
Unlike the lessons in other courses, which are in order, you are welcome to | ||
explore these lessons in whatever order suits you best. </Callout> | ||
|
||
Even though each security vulnerability may seem "simple," there's a lot to | ||
discuss. These lessons contain less prose and more code, ensuring you gain a | ||
solid understanding of the security risks discussed. | ||
|
||
As always, your feedback is appreciated. Good luck as you delve into the course! |
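Review bot: The rewritten paragraph that starts "While the first few lessons in this course cover topics similar to those in the" continues with ", but as you progress, you’ll encounter new types of attacks", so a subordinate "While" clause is joined by "but" and the sentence never gets a main clause; drop either "While" or "but". In the same hunk, the closing tag shares a line with the callout text ("explore these lessons in whatever order suits you best. </Callout>") while the opening `<Callout>` has its own line; move the closing tag to its own line to match. The new text also mixes "Native Rust" (description, link text, "Native Course") with "native Rust users" in goal 2; pick one capitalization and use it throughout.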