Boni Yeamin

Learning Path! Cybersecurity.

Nowadays, career options such as Cyber Security, Ethical Hacking, Application Security, Penetration Testing, and Bug Bounties are blooming and becoming popular among teenagers, scholars, and experienced professionals globally. The reason for this popularity is surely the growing community, increased attacks, and the need for skilled professionals.

Beginners commonly ask: Where should I start? What should I learn first?

The above mindmap breaks down Cyber Security career options into three major domains: Offensive, Defensive & Research.

Defensive

  • Security Operations Center (SOC)
  • Blue Teamer
  • Cyber Forensics
  • Cyber Compliance & Risk Activities
  • Secure Software Developer
  • Security Architecture
  • Incident Response (IR)

Offensive

  • Application Security Expert
  • Red Teamer
  • Penetration tester
  • Bug Hunter
  • Cloud Auditor
  • Code Reviewer

Research

  • Threat Analyst
  • Malware Analysis
  • Security Trend Analysis
  • Zero-day & Exploit

Offensive Cyber Security Career Path
When we talk about getting started in Offensive Cyber Security, there are many domains such as Application Security, Red Teaming, Penetration Testing, Code Reviews, Cloud Audits, etc. However, there are always some initial requirements, and at the end of the day, everything is linked somehow.

Pre-requisite:

  • Good understanding of how computer systems work
  • Good understanding of how the Internet works and how to use it
  • Mindset & Rhythm: you must enjoy what you are doing!

Resources to learn about Operating Systems:

Learning about Computer Networks
As a security professional, you must know the basic concepts of networking, which include knowing how Routing, Firewalling, SSL, TLS, Ports, Protocols, IP, TCP, UDP, MAC, and other important network security features work. Why this knowledge is required needs no explanation; it's essential, that's all.

Resources to learn Computer Networks

https://www.tutorialspoint.com/data_communication_computer_network/index.htm
https://www.tutorialspoint.com/network_security/index.htm
Cryptography & Network Security (McGraw-Hill Forouzan Networking)

Learning about Web Applications

Resources to learn Basic Concepts

Understanding Common Security Frameworks

Getting Started with Web Application Security
At this point, we will talk about how to get started in Web Application Security. There are tons of resources out there in the wild, and it is not possible to learn or read all of them; choosing the best ones is also a difficult task. I am sharing some of the good resources to follow in order to get a good hold:

  • OWASP Testing Guide explains a wide range of security issues and how to test for them. This should be the initial reference guide to know and explore various security vulnerabilities.
  • PortSwigger Web Security Academy is the practical version of the Web Application Hacker's Handbook. You will get good learning resources (short and crisp) followed by labs to master the things you are learning.
  • Bugcrowd Vulnerability Rating Taxonomy covers multiple security issues and the severity associated with each. This is also a helpful resource for getting to know multiple security issues.
  • OWASP Juice Shop is a real-life application and gives you a flavor of testing multiple security vulnerabilities ranging from Injection and Access Control to XXE.
  • Cobalt.io Vulnerability Wiki is yet another great resource that includes a brief explanation, proof of concept, and risk ratings for various security issues based on OWASP ASVS.
  • PayloadsAllTheThings is an open-source GitHub repository that contains a huge list of payloads for all security issues, and it is a good resource for learning about some of the new security issues as well.
  • Learn365 is my own GitHub repo, which contains all the learning resources I am following in my #Learn365 challenge. These include various attack vectors including Web, Mobile, Network, Cloud, etc.
  • HackTricks GitBook is a great collection of resources about various Network, Mobile & Web attack vectors.
  • InfoSec Writeups, PentesterLand & HackerOne Disclosures are great resources for looking at bug bounty writeups and learning how various hackers approach different bugs and different applications.

Getting Started with Network Security
  • HackTheBox: An online platform to test and advance your skills in penetration testing and cybersecurity.
  • VulnHub: Provides materials that allow anyone to gain practical "hands-on" experience in digital security, computer software & network administration.
  • OffensiveSecurity ProvingGrounds: Practice your pentesting skills in a standalone, private lab environment with the additions of PG Play and PG Practice to Offensive Security's Proving Grounds training labs.
  • TryHackMe: TryHackMe is an online platform that teaches Cyber Security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers, incorporating guides and challenges to cater to different learning styles.
  • HackTricks GitBook: A great collection of resources about various Network, Mobile & Web attack vectors.
