Resources To Get Started in Cybersecurity

What is cybersecurity?

Cybersecurity is the protection of computer systems and networks from malicious actors whose activity may result in the theft of data or the disruption of the services these systems provide. It has many fields, such as web hacking, mobile hacking, and reverse engineering. To get started, pick the field that interests you. That can be web hacking if you like to tinker with web applications to see how they behave, or reverse engineering if you like to see how applications work.

Basics

To get started with cybersecurity, it is recommended to have a basic understanding of computer networking and operating system fundamentals, as you have to know how a system communicates in order to hack it. Check out the following resources to get a head start:

Learn about vulnerabilities and tools

After understanding the basics, it is time to learn some hacking skills.

OWASP Top 10 for Web

The very first step is to understand what vulnerabilities to look for in a system. OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Web Testing Guide

After learning about the OWASP Top 10 vulnerabilities in web applications, you can use these comprehensive guides to learn, step by step, how to look for these vulnerabilities, what impact they have when exploited, and how to remediate them.

Burp Suite

Burp Suite is a software security application used for penetration testing of web applications. It is an HTTP proxy tool that is used to intercept and manipulate the HTTP traffic of the application you are testing. To practice looking for vulnerabilities, it is necessary to learn how to use this tool to intercept and edit HTTP requests. It has both paid and free versions, but you can use the community edition, which is more than enough.

Practice

After you have some theoretical knowledge of the vulnerabilities, it is time to practice finding them.

  • PortSwigger Web Security Academy is a free online academy to learn about web security from the creators of Burp Suite. They have detailed information about different vulnerability topics along with real-world scenarios. Highly recommended for anyone who wants to learn the basics of how to look for web vulnerabilities.
  • TryHackMe is an online platform for learning cybersecurity, using hands-on exercises and labs, all through your browser. It has both paid and free rooms that cover all topics about security through a series of CTFs.
  • Kontra is a free platform to learn about application security through their series of interactive exercises on vulnerabilities in real-world scenarios.
  • OWASP Juice Shop is a modern insecure application that has vulnerabilities from OWASP Top 10 and other security issues found in real-world applications.

Test your skills in the real world

Now, after gaining knowledge about vulnerabilities and practicing how to find them, it is time to use your skills in the real world. You can try to test for vulnerabilities in bug bounty programs.

Bug bounty programs offer monetary rewards to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application's developer.

  1. HackerOne
  2. Bugcrowd
  3. Intigriti
  4. Bugbase: Bugbase is an India-based bug bounty platform that hosts bug bounty programs for various Indian companies.

You can use these platforms to hunt on various programs, or you can look for independent vulnerability disclosure programs that companies host themselves by searching Google for 'Company Name' vulnerability disclosure program or 'Company Name' bug bounty program.

References

Perspective & advice from the community

Acknowledgements

This wiki was initially written by u/Sanamdhar.