
Complete Cyber Security Learning RoadMap


Uploaded by

Entry Dedo
@codewithsid
https://linktr.ee/codewithsid

PRE-REQUISITE

1. Good understanding of how a computer system works
2. Good understanding of how the Internet works and how to use it
3. Mindset & rhythm: you must enjoy what you are doing!

LEARNING ABOUT OPERATING SYSTEMS

For beginners: there are multiple operating systems available in the market; however, the most common are Windows, Mac & Linux-based operating systems. On the other hand, Android & iOS are the majority players in mobile operating systems.

Resources to learn about operating systems & the Cyber Security RoadMap: link in bio.

For example: as a pentester, you have gained access to a Linux machine as a restricted user. Now, in order to escape the restriction, you will need to know how you can abuse the available features and gain privileged access. This becomes really simple when you know what the various features present are, and you will have a good hold of what to exploit to gain privileged access.

As a security professional, you must know the basic concepts of networking, which include knowing how routing, firewalling, SSL, TLS, ports, protocols, IP, TCP, UDP, MAC, and other important network security features work. Why this knowledge is required doesn't need any explanation itself; it's essential. That's all.

Resources to learn about networks & the Cyber Security RoadMap: link in bio.

PICKING YOUR FIELD

Cyber security is a huge domain, and when you refer to cyber security, it is not clear which domain you are actually trying to ask about! When you say cyber security, it can be that you want to be a bug bounty hunter, or maybe a blue teamer, or a cyber forensics guy, or maybe you are not sure either. So let's first break down some general career options in cyber security, which will help you to know exactly where you want to go.

[Chart: Cyber Security career options]

- Security Operations Center (SOC)
- Blue Teamer
- Cyber Forensics
- Cyber Compliance & Risk Advisory
- Secure Software Developer
- Security Architect
- Incident Response
- Application Security Expert: mainly focuses on Web, Mobile, APIs, Micro-Services, Thick Clients, etc.
- Red Teamer
- Penetration Tester: this guy is comfortable performing penetration testing on any given target, including Wireless and Network
- Bug Bounty Hunter
- Cloud Auditor
- Code Reviewer
- Threat Analysis
- Malware Analysis
- Security Trend Analysis
- Zero-Day & Exploit Developers (can also be considered in the Offensive part)

LEARNING ABOUT WEB APPLICATIONS

The web application is one of the most widely encountered things during my journey as an application security engineer and offensive security guy. Most of the externally facing resources of any organization are web applications.

Before diving deeper into how to test for web application security, it is essential to know various concepts about web applications, their communication, and components. This includes understanding how an HTTP request is formed, how an HTTP response works, what the various security headers are, browser security features, what CSP and CORS are, etc.

This is a basic concept and will eventually help you throughout your journey as an application security guy!

UNDERSTANDING COMMON SECURITY FRAMEWORK

Once you have gained enough understanding of the basic concepts of web applications, operating systems & computer networks, the next part before exploring the security perspective is to understand some of the common security frameworks which are followed as the industry standard.

This is going to help you in proper referencing and in understanding which category your security vulnerability lies in, how you can rate the severity of an identified security issue, and how to approach remediation.

Resources: link in bio.

GETTING STARTED WITH WEB APPLICATION SECURITY

At this point, we will talk about how to get started in web application security. There are tons of resources out there in the wild and it is not possible to learn/read all of them; however, choosing the best ones is also a difficult task. I am sharing some of the good resources to follow in order to get a good hold.

Resources: link in bio.

GETTING STARTED WITH NETWORK SECURITY

For network security, there is no limit of resources, but having a good understanding of computer networking from a security point of view is much required.

There are multiple ways to practice for network security; however, the best way is to invest time in solving labs using HackTheBox and understanding new concepts.

Some of the good resources are linked in bio (PDF).

GETTING STARTED WITH MOBILE APPLICATION SECURITY

The next big thing we often encounter as an application security engineer is mobile applications. However, this is a really interesting area, as you have access to the source code by simply reverse-engineering the application and you can perform both static as well as dynamic analysis.

I am also a learner when it comes to mobile application security.

Resources linked in bio.

Closing Remarks

It took me a lot of time to put all the pieces together to write this blog, but the purpose of drafting this blog is to answer all the questions that are generally asked to me around “How to get started”, “What is the right path” and others.

Often, it is not possible to answer everyone, but I hope this blog will help everyone who is seeking answers on this topic and all the newcomers. I will try to keep this blog updated at regular time intervals. In the future, I plan to add resources to get started into Cloud Security, Thick Clients, and other areas in this blog as well.

I hope you enjoy reading this and get enough resources to get started in Cyber Security (Application Security/Offensive Security).
