Cybersecurity Learning Path
In this blog, I’ll share the learning paths of cyber security which helps you to know about cybersecurity
I’ll guide you better on how to get a start in this domain and below are the various essential setups you should take to get a piece of good knowledge from basic to advance concepts. So let’s have a look into it:
Learn Programming
Programming is a core part if you want to make a career in cybersecurity. As a cyber professional it is important for you to recognize both the causes and symptoms of whatever threat you face. Coding knowledge can give you the insight you need to recognize what a piece of software is doing, and even if it’s malicious code or not.
However, any one programming language will not provide a comprehensive understanding of every application-level and hardware weakness.
For example :
- An understanding of C can enable you to spot buffer overflow vulnerabilities in systems software.
- Familiarity with Perl can assist you in testing applications for errors.
- Proficiency in JavaScript can be useful in identifying security issues in web applications.
- And knowing SQL will help you prevent Structured Query Language injection (SQLi) attacks, a specific type of cyber attack that allows an attacker to manipulate SQL statements and penetrate a secure, SQL-based database.
The languages are divided into two categories :
1. Programming Languages
They typically run inside a parent program like scripts. More compatible while integrating code with mathematical models. Languages like JAVA can be compiled and then used on any platform
2. Scripting Languages
To automate certain tasks in a program. Extracting information from a data set. Less code intensive as compared to traditional programming languages
Resources to learn about Programming Languages:
· C :
· Java:
· Golang:
Resources to learn about Scripting Languages:
· Shell:
· PHP:
· Python:
· Javascript:
Learn Databases
Most organizations lack the ability to respond to breaches in a timely manner and don’t assess database activity continuously. Common database security issues are compromised credentials, the potential for a major data breach, and the inability to recognize breaches until it is too late.
At a basic level, it is estimated that most organizations lack an elevated degree of certainty about who is accessing their database. That is a major security issue. Not knowing who is in your databases can lead to serious problems such as deleted data, incorrect data, or a major data breach.
Resources to learn about Databases:
· SQL:
· Mongo DB:
· PostgreSQL:
Learn OS (Operating Systems)
We all know what is Operating System
“An operating system (OS) is software system that manages computer hardware, software resources, and provides common services for computer programs”.
There were many Operating Systems available, however, the most common are Windows, Mac & Linux-based Operating Systems. On the other hand, Android & iOS are the majority players in the Mobile Operating Systems.
You face many scenarios when you will require to know how a particular operating system works and what are various security features provided by them, what are the limitations each of them has and how an attacker can abuse them.
Resources to learn about Operating Systems:
· Linux Basics :
· Android Basics :
· Windows Basics :
If you wish to go deep into these operating systems, you can look out for Windows Internals or Linux Internals. However, I would recommend getting basic knowledge is good just to know the proper commands and their usage of them.
Learn Computer Networking
Networking is one of the most important aspects for any IT professional when working over the internet. Getting connected to the internet means that you could receive lots of traffic. Huge traffic can cause stability problems and may lead to vulnerabilities in the system. Network security promotes the reliability of your network by preventing lagging and downtimes through continuous monitoring of any suspicious transaction that can sabotage the system.
As to make a career in cyber security, you must know basic concepts of networking which include knowing how Routing, Firewalling, SSL, TLS, Ports, Protocols, IP, TCP, UDP, MAC, and other important network security features work.
Resources to learn about Computer Networks
There were some books also which help you to understand Networking concepts.
1. A Top-Down Approach: Computer Networking
2. Networking for Systems Administrators (IT Mastery)
3. The All-New Switch Book (2nd Edition)
4. Networking All-in-One For Dummies (8th Edition)
5. High-Performance Browser Networking
6. Business Data Communications and Networking (14th Edition)
Learn Web Applications
Web application security is a series of protocols and tools that work together to ensure that all mobile, cloud app, website, and desktop applications are secure against malicious threats or accidental breaches and failures. It is the process of finding, fixing, and eliminating vulnerabilities that leave apps open to attacks by hackers.
Most of the externally faced resources of any organization are web applications.
Before going deep into how to test for Web Application Security, it is essential to know various concepts about Web Application, their communication, and components.
Resources to learn Basic Concepts
if you want to learn the topics in detail, check this website it will help you to know it.
· Web Security Cheatsheet :
Understanding Common Security Frameworks
Cyber security frameworks are sets of documents describing guidelines, standards, and best practices designed for cyber security risk management. The frameworks exist to reduce an organization’s exposure to weaknesses and vulnerabilities that hackers and other cyber criminals may exploit.
When you go on the Internet and search cybersecurity frameworks what you find is the Information security frameworks that actually industry uses to protect your data.
The actual Cybersecurity framework is OWASP.
OWASP: The Open Web Application Security Project is a community that runs online and produces articles that are freely available on the internet. They also gave methodologies, documentation, tools, and technologies in the Web Application Security field.
· OWASP Web Top 10:
· OWASP API Top 10:
· OWASP Mobile Top 10:
· OWASP Application Security Verification Standard:
· OWASP Vulnerability Management Guide:
· OWASP Risk Rating Methodology:
STRIDE: STRIDE is an acronym for six threat categories: Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service, and Elevation of privileges.
Teams can use the STRIDE threat model to spot threats during the design phase of an app or system. The first step helps find potential threats using a proactive process. The design of the system forms the basis for spotting threats. The next steps include finding the risks inherent in the way the system has been implemented and then taking action to close gaps.
For example, imagine you find that an admin database is exposed to tampering with data, information disclosure, and denial-of-service threats. In that case, you can implement access control logs, secure socket layer/transport layer security, or IPSec authentication to counter those threats.
· Read More:
CVSS: The Common Vulnerability Scoring System offers a procedure to assess the level of vulnerability the software possesses. Most cybersecurity professionals use the CVSS base score as a major factor to examine the severity of any weakness in the system. The framework supports organizations to ensure confidentiality and integrity while protecting the data owned by the company. The system helps organizations prioritize software vulnerabilities on the basis of those that need immediate attention.
· Read More:
How to Start with Web Application Security
We will know about what is Web Application Security now talk about some resources. There are tons of resources out there and it is not possible to learn/read all of them, however, choosing the best ones is also a difficult task. So here are some of the good resources to follow in order to get it better.
- OWASP Testing Guide
2. PortSwigger Web Security Academy
3. Bugcrowd Vulnerability Rating Taxonomy
5. Cobalt.io Vulnerability Wiki
6. PayloadAllTheThings
7. HackTricks GitBook
8. InfoSec Writeups
9. PentesterLand
10. HackerOne Disclosures
How to Start with Network Security
For the Network Security, you don’t have to go in deep but having a good understanding of computer networking from a security point of view is much required. There were many ways to practice for network security
Some of the good resources would be :
· HackTheBox:
· VulnHub:
· TryHackMe:
· HackTricks GitBook
Closing Remarks
I hope this blog will help everyone, all the newcomers who are finding answers to “How to get started in cybersecurity”, “What is the right path”
I will try to keep this blog updated at regular time intervals. I hope you enjoy reading this and get enough resources to get started in Cyber Security.
Notes :
1. Never ignore learning the basics. After learning the basics you can understand how things work. This will help you a lot.
2. Follow the right set of people on Twitter, Github, and other social platforms where you can stay updated about what’s happenings nowadays in the market.
3. Never thought there were no resources for you to learn Internet is an encyclopedia where you get each and every piece of information for Free you just have the art of finding that things.
If you have any good resources that you know should be included in this blog, please leave a PRIVATE NOTE and I will add the relevant ones to the blog.
If you enjoyed reading the article do clap and follow:
Twitter: https://twitter.com/i_amsphinx
LinkedIn: https://www.linkedin.com/in/pathakabhi24/
GitHub: https://github.com/pathakabhi24
From Infosec Writeups: A lot is coming up in the Infosec every day that it’s hard to keep up with. Join our weekly newsletter to get all the latest Infosec trends in the form of 5 articles, 4 Threads, 3 videos, 2 Github Repos and tools, and 1 job alert for FREE!
