Resources To Get Started in Cybersecurity

What is cybersecurity?

Cybersecurity is the protection of computer systems or networks from malicious actors whose actions may result in theft of data or disruption of the services these systems provide. It has many fields, such as web hacking, mobile hacking, reverse engineering, etc. To get started, you have to pick the field that interests you. It can be web hacking if you like to tinker with web applications to see how they behave, or maybe reverse engineering if you like to see how applications work.

Basics

To get started with cybersecurity, it is recommended to have a basic understanding of computer networking and operating system fundamentals, because to hack something you have to know how it communicates. Check out the following resource to get a head start:

Learn about the vulnerabilities and tools

After understanding the basics, it is time to learn some hacking skills.

OWASP Top 10 for Web

The very first step is to understand which vulnerabilities to look for in a system. OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Web Testing Guide

After learning about the OWASP Top 10 vulnerabilities in web applications, you can use these comprehensive guides to learn, step by step, how to look for these vulnerabilities, what impact they have when exploited, and how to remediate or fix them.

Burp Suite

Burp Suite is a software security application used for penetration testing of web applications. It is an HTTP proxy tool used to intercept and manipulate the HTTP traffic of the application being tested. Before you start practicing looking for vulnerabilities, it is necessary to learn how to use this tool to intercept and edit HTTP requests. It has both paid and free versions, but you can use the Community Edition, which is more than enough.

Practice

After you have some knowledge about the vulnerabilities in theory, it is time to practice them.

  • PortSwigger Web Security Academy is a free online academy for learning about web security from the creators of Burp Suite. They have detailed information about different vulnerability topics along with real-world scenarios. Highly recommended for anyone who wants to learn the basics of how to look for web vulnerabilities.
  • TryHackMe is an online platform for learning cybersecurity using hands-on exercises and labs, all through your browser. It has both paid and free rooms that cover all topics about security through a series of CTFs.
  • Kontra is a free platform for learning about application security through a series of interactive exercises on vulnerabilities in real-world scenarios.
  • OWASP Juice Shop is a modern insecure application that has vulnerabilities from the OWASP Top 10 and other security issues found in real-world applications.

Test your skills in the real world

Now that you have gained knowledge about vulnerabilities and practiced how to find them, it is time to use your skills in the real world. You can try to test for vulnerabilities in bug bounty programs.

Bug bounty programs offer monetary rewards to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application's developer.

  1. HackerOne
  2. Bugcrowd
  3. Intigriti
  4. Bugbase: Bugbase is an India-based bug bounty platform that hosts bug bounty programs for various Indian companies.

You can use these platforms to hunt on various programs, or you can look for independent vulnerability disclosure programs that are self-hosted by various companies by searching for 'Company Name' vulnerability disclosure program or 'Company Name' bug bounty program on Google.

References

This wiki is maintained by u/Sanamdhar