Essential learning guide in CyberSec.
-
Natting-EncodingHere
-
GET v POSThere
-
HTTP Request, Response, MethodsInfo
-
Site v Origin & Cookies101
-
All About SessionInfo
-
DAST-SAST-IAST-RCAInfo
1. Web Application Security Testing: PortSwigger Academy
Client Side Vuln: ONLY
Cross Site Scripting(XSS) | Cross Site Request Forgery | Cross Origin Resource Sharing(CORS) | Clickjacking | DOM Based Vuln | Web Socket
- Application Programming Interface API-101
- API Security Testing
- Android
- iOS
- Definition: Web proxy to intercept, analyze, and modify HTTP/S traffic.
- Best For: Web, API, Mobile (API Traffic Analysis).
- Definition: Exploitation framework to identify, exploit, and validate system vulnerabilities.
- Best For: Web, Network, API, Application, Post-Exploitation.
- Nessus: Vulnerability scanner
- Definition: To detect misconfigurations and security gaps System-level (OS, services, ports, packages), CVE-based scans for known vulns
- Best For: Network, Web, Infrastructure, Cloud Security.
- Nmap Network Mapper:
- Definition: Network scanner to check open ports, services, and hosts.
- Best For: Network Recon, Web Enumeration, API Recon, Advance NSE (NMAP Script Engine) Support
- Definition: Cloud-based scanner for identifying vulnerabilities and ensuring compliance.
- Best For: Web, Cloud, Network, Compliance Audits.
- Wireshark: Traffic Analyser
- Intercept HTTP/S traffic between browser and server for manual and automated testing.
- Use to analyze the traffic.
- Nikto: Web Server Scanner:
- Detect misconfigurations, outdated software, and exposed files in internal networks, dev/test environments, or legacy systems.
- Best for initial recon and hygiene checks before deeper analysis with tools like Burp or Nessus.