The problem.

There are tons of resources, hacking tools, and research papers, but still, breaking into information security is harder than ever. So, what's the problem?

The current security education model is broken.

There are many great web security courses available on the Internet. However, most of them jump straight into explaining various vulnerabilities such as Injections or XSS assuming that learners are already familiarised with various technical concepts: what is a web application, how it differs from a website, web applications architecture, networking, Javascript, and many others.

Moreover, those courses target people who already sorted out what they want to do in life (e.g., become a pentester). Still, there is a massive pool of talented people willing to start a career in information security, but confused by all those technical concepts, stereotypes, and the lack of clear guidance, choose to switch their minds to other careers.

Finally, we think that existing courses put too much emphasis on the technical side. Yes, it is essential to understand the technical concepts, but that’s not enough. Courses should also teach people that soft skills are just as important as technical skills, if not more important. After all, it is pointless to know how to exploit an SQL Injection vulnerability if you are not creative enough to find one in real-world applications.

The solution.

We want to do better. Our mission is to educate the next generation of information security professionals.

How?

By providing some of the best web application security courses suitable for both beginners and experienced security enthusiasts - all freely available to the public.

Designed for beginners.

We assume nothing. We start blank and slowly build up a base of knowledge, covering technical and less-technical topics.

This platform won’t make you an ethical hacker. Instead, it will help you get a solid understanding of computer and web security fundamentals that will set you up for future success. We aim to offer you a purpose-guided learning experience, instead of just filling your head with information.

Courses made for humans, not for robots.

While most of our lessons are going to be technical, we will also focus on several humanly topics that are both very important and often under-emphasized: creativity, critical thinking, and mental models. We’ll dive deep into the hacking culture so that you can get a better understanding of this industry. Instead of saying, “Think like a hacker!!”, we analyse together how a hacker thinks and what makes a hacker different from you (not too much, as you will see).

Ethics first.

Ethics in information security is a big topic to address and simply saying that “this platform will never encourage illegal activities” is not enough.

We strongly believe that many problems can be avoided if a person adopts the right mindset as early in his development. For this reason, we will have dedicated lessons on the mindset and moral code required to work effectively in this industry.

Nowadays, the information security industry offers fantastic opportunities. Ethical hackers can make good money from home while hacking some of the largest companies in the world — totally legal!

Clean revenue.

Keeping this educational platform completely free for everyone is one of our main ethics. We plan on holding it this way for as long as we can. Right now, you can help up pay the costs of running this service by becoming a Patron.

In the future, we’re planning to introduce an optional subscription that will not give you any benefit other than our gratitude — but will help us pay the bill. Absolutely zero ads and monetisation of your personal information.

The next steps...

As of 20th May 2020, we released the BETA version of Uphack after almost one year of full-time work. Indeed, there is not much content at the moment, but we have big plans for this project.

We are aware that teaching computer and web security fundamentals is not enough to achieve our mission. Still, it’s a small step forward. In the future, we plan to extend this platform to other security areas such as mobile security, reverse engineering, or malware analysis. But for now, we will focus on one thing: web application security. After all, we need to start somewhere, right?

Here is what to expect in the near future:

  • A lot of new content — We are currently working on some awesome new lessons for the existing and upcoming courses.
  • Hands-on lessons — Learning by reading it’s not fun, nor efficient. Our hands-on lessons will help you become proficient in web application security while exploiting vulnerabilities in real web applications. You may not even notice that you’re learning along the way!
  • Community board — We don’t build a learning platform, but a community of people. And as any community, we need a place where to discuss interesting things and exchange ideas.
  • New dashboard — Our dashboard is limited to the very basic features you need. To make your experience seamless, we will add new features that will allow you to track your progress, set goals, see achievements, and much more.

And if there’s anything you’re missing on Uphack, just let us know at [email protected]. We want to build Uphack together. To make things easier, we will create a Slack group where you can help us decide the topic for upcoming lessons, what features we implement next or what should be improved. Let’s build the best security educational platform — together.

Still got questions? Check out our FAQ or contact us at [email protected].