How do I get Started in Cyber Security? — My Perspective & Learning Path!

Cyber Security Career Options

Offensive Cyber Security Career Path

  1. A good understanding of how computer systems work
  2. A good understanding of how the Internet works and how to use it
  3. Mindset & Rhythm: you must enjoy what you are doing!

Getting Started

Learning about Operating Systems

Learning about Computer Networks

Learning about Web Applications

Understanding Common Security Frameworks

Getting Started with Web Application Security

  1. The OWASP Testing Guide explains a wide range of security issues and how to test for them. It should be your initial reference for learning about and exploring the various classes of vulnerability.
  2. The PortSwigger Web Security Academy is the practical companion to The Web Application Hacker's Handbook. It offers short, crisp learning material followed by labs where you practice what you have just read.
  3. The Bugcrowd Vulnerability Rating Taxonomy lists many security issues along with a severity rating for each. It is another helpful resource for getting to know the range of issues out there.
  4. OWASP Juice Shop is a deliberately insecure web application that feels like a real one, and lets you practice a variety of vulnerabilities ranging from injection and access control flaws to XXE.
  5. The Cobalt.io Vulnerability Wiki is another great resource, with a brief explanation, proof of concept, and risk rating for each issue, organised according to the OWASP ASVS.
  6. PayloadsAllTheThings is an open-source GitHub repository containing a huge list of payloads for many classes of security issue; it is also a good way to learn about newer issues.
  7. Learn365 is my own GitHub repository containing all the learning resources I am following in my #Learn365 challenge, covering attack vectors across Web, Mobile, Network, Cloud, and more.
  8. The HackTricks GitBook is a great collection of resources on Network, Mobile, and Web attack vectors.
  9. InfoSec Writeups, PentesterLand, and HackerOne disclosures are great places to read bug bounty write-ups and learn how different hackers approach different bugs and different applications.
  10. PentesterLab (https://pentesterlab.com/) and PentesterAcademy's AttackDefense Labs (https://attackdefense.com/) are platforms offering hands-on lab exercises where you can practice these vulnerabilities.

Getting Started with Network Security

  • HackTheBox: an online platform for testing and advancing your penetration testing and cyber security skills.
  • VulnHub: a collection of downloadable vulnerable machines that let anyone gain practical, hands-on experience in digital security, computer software, and network administration.
  • OffensiveSecurity Proving Grounds: practice your pentesting skills in a standalone, private lab environment; the PG Play and PG Practice tiers extend Offensive Security's Proving Grounds training labs.
  • TryHackMe: an online platform that teaches cyber security through short, gamified, real-world labs. It has content for both complete beginners and seasoned hackers, mixing guides and challenges to suit different learning styles.
  • The HackTricks GitBook is a great collection of resources on Network, Mobile, and Web attack vectors.

Getting Started with Mobile Application Security

  1. OWASP Mobile Security Top 10: https://owasp.org/www-project-mobile-top-10/
  2. The Mobile Application Hacker's Handbook
  3. The HackTricks GitBook is a great collection of resources on Network, Mobile, and Web attack vectors.
  4. OWASP iGoat: https://github.com/OWASP/igoat
  5. Insecure Bank: https://github.com/dineshshetty/Android-InsecureBankv2

Closing Remarks

Tips & Side Notes

  1. Never skip the basics. Invest as much time as you can in understanding how things work; it will pay off again and again.
  2. Do not get too comfortable with solving labs, or you may fall into a "lab mentality". Real applications rarely hand you a vulnerability the way a lab does, and that mismatch can make you feel like giving up when you don't find anything.
  3. Once you have learned a few vulnerability classes through reading and labs, go and practice them on responsible disclosure and bug bounty programs. You may earn some rewards, but at the end of the day the real gain is what you learn.
  4. Follow the right set of people on Twitter and other social platforms so that you stay up to date with what is going on in the field.
  5. Don't give up easily and immediately seek help. Dig deeper and exhaust all the resources available to you; if you are still stuck, reach out to others.
  6. Whenever you reach out to someone, explain the complete scenario and be ready to provide the URLs or affected endpoints where you suspect a vulnerability. If you withhold details, people won't be able to help you.
  7. If you don't land bounties or a job right away, keep trying harder and things will fall into place. It is easy to dismiss someone else's hard work as luck; focus instead on how you can improve yourself and your learning process.
  8. Certifications are a good thing to have. If you can get them sponsored or can afford them, go ahead and enroll.

Takeaways

Harsh Bothra


Security Engineer | Bugcrowd Top 150 & MVP| Synack Red Teamer | Cobalt Core Pentester | Bug Hunter | Author | Speaker | Learner | Poet | Twitter — @harshbothra_