Cyber Security RoadMap Resources
Resources to learn about Operating Systems:
Linux Basics: https://linuxjourney.com/
Android Basics: https://www.educba.com/android-operating-system/
Windows Basics: https://www.educba.com/introduction-to-windows/
Operating System Basics: https://www.tutorialspoint.com/operating_system/index.htm
Resources to learn Computer Networks
https://www.tutorialspoint.com/data_communication_computer_network/index.htm
https://www.tutorialspoint.com/network_security/index.htm
Cryptography & Network Security (McGraw-Hill Forouzan Networking)
Resources to Learn About Web Applications
About HTTP: https://developer.mozilla.org/en-US/docs/Web/HTTP
HTTP Headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
HTTP Security: https://developer.mozilla.org/en-US/docs/Web/Security
Content-Security Policy: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
HTTP Cookies: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies
Web Security Cheatsheet: https://infosec.mozilla.org/guidelines/web_security
Cross-Origin Resource Sharing: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Resources to Learn About Common Security Frameworks
OWASP: The Open Web Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
OWASP Web Top 10: https://owasp.org/www-project-top-ten/
OWASP API Top 10: https://owasp.org/www-project-api-security/
OWASP Mobile Top 10: https://owasp.org/www-project-mobile-top-10/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
OWASP Vulnerability Management Guide: https://owasp.org/www-project-vulnerability-management-guide/OWASP-Vuln-Mgm-Guide-Jul23-2020.pdf
OWASP Risk Rating Methodology: https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
STRIDE: The STRIDE model was developed by Microsoft in order to help security engineers understand and classify all possible threats on a server. The name of this model is an acronym for the six main types of threats.
Read More: https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)?redirectedfrom=MSDN
CVSS: The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
Read More: https://www.first.org/cvss/
The OWASP Testing Guide explains a wide range of security issues and how to test for them. It should be your initial reference for learning about and exploring the various security vulnerabilities.
The PortSwigger Web Security Academy is the practical version of the Web Application Hacker's Handbook. It provides short, focused learning material followed by labs in which you practise what you have just learned.
The Bugcrowd Vulnerability Rating Taxonomy lists multiple security issues together with an associated severity for each, and is another helpful resource for learning about a range of security issues.
OWASP Juice Shop is a realistic web application that lets you test for multiple security vulnerabilities, ranging from Injection and Access Control to XXE.
The Cobalt.io Vulnerability Wiki is yet another great resource; it includes a brief explanation, a proof of concept, and a risk rating for various security issues, organised according to OWASP ASVS.
PayloadsAllTheThings is an open-source GitHub repository containing a huge list of payloads for many security issues; it is also a good way to learn about newer security issues.
Learn365 is my own GitHub repo, which contains all the learning resources I am following in my #Learn365 challenge; these cover various attack vectors, including Web, Mobile, Network, Cloud, etc.
The HackTricks GitBook is a great collection of resources about various Network, Mobile & Web attack vectors.
InfoSec Writeups, PentesterLand & HackerOne Disclosures are great resources for reading bug bounty write-ups and learning how various hackers approach different bugs and different applications.
If you can purchase paid subscriptions, I would suggest these two paid labs; they have nice content:
PentesterLab: https://pentesterlab.com/
PentesterAcademy — AttackDefense Labs: https://attackdefense.com/
Resources to Learn About Network Security
There are multiple ways to practise for network security; however, the best way is to invest time in solving labs on HackTheBox and understanding new concepts. Some of the good resources are:
HackTheBox: An online platform to test and advance your skills in penetration testing and cybersecurity.
VulnHub: Provides materials that allow anyone to gain practical, hands-on experience in digital security, computer software & network administration.
OffensiveSecurity ProvingGrounds: Practice your Pentesting skills in a standalone, private lab environment with the additions of PG Play and PG Practice to Offensive Security’s Proving Grounds training labs.
TryHackMe: An online platform that teaches cyber security through short, gamified real-world labs. It has content for both complete beginners and seasoned hackers, incorporating guides and challenges to cater to different learning styles.
The HackTricks GitBook is a great collection of resources about various Network, Mobile & Web attack vectors.
Mobile Application Security:
OWASP Mobile Security Top 10: https://owasp.org/www-project-mobile-top-10/
The Mobile Application Hacker’s Handbook:
The HackTricks GitBook is a great collection of resources about various Network, Mobile & Web attack vectors.
OWASP iGoat: https://github.com/OWASP/igoat
Insecure Bank: https://github.com/dineshshetty/Android-InsecureBankv2