Chapter 1

The Attacker's Mindset

Think like the attacker before you defend like one.

~14 min total · 2 lessons · Assignment

By the end of this chapter you'll be able to

  • Frame every endpoint as "what could go wrong?"
  • Map the OWASP Top 10 to real Grit endpoints

Chapter assignment

Threat-model your API

Write a 1-page threat model for your Grit API in notes.md: 5 assets, 5 actors (user, admin, attacker, bot, partner), and 10 threats (one per OWASP category). One paragraph each.

Lesson 1 takes ~6 min.
