From Beginner to Expert | Level 1 to Level 10
Internet, Networking, Web Security
Authentication, Backend, Cryptography
System Security, Defensive Ops
Ethical Hacking, Security Engineering
Cybersecurity is the practice of protecting computer systems, networks, and data from unauthorized access, attacks, and damage.
Create a secure login form with proper HTML5 security features.
Full Preview โLike your home address for computers. IPv4: 192.168.1.1 | IPv6: 2001:0db8::
| 22 | SSH | 80 | HTTP | 443 | HTTPS |
A firewall monitors and controls network traffic based on security rules. It acts as a barrier between trusted internal networks and untrusted external networks.
Build a Python script that performs basic network diagnostics including DNS lookup, ping test, and port scanning.
Full Preview โThis knowledge is for DEFENSIVE purposes only. Always get written permission before testing any system.
query = f"SELECT * FROM users WHERE name = '{name}'"query = "SELECT * FROM users WHERE name = %s"
cursor.execute(query, (name,))Permanently stored malicious script
Script in request
Client-side manipulation
Tricks authenticated users into performing unwanted actions. Defense: CSRF tokens and SameSite cookies.
Build a Python script that checks websites for security headers like CSP, HSTS, X-Frame-Options.
Full Preview โHTTP is stateless - sessions maintain user state. Tokens (JWT) provide stateless authentication.
Compact token format for securely transmitting claims between parties. Contains header, payload, and signature.
import bcrypt
salt = bcrypt.gensalt(rounds=12)
hashed = bcrypt.hashpw(password.encode(), salt)Assign permissions to roles rather than individual users. Simplifies access management and follows principle of least privilege.
Build a complete authentication system with registration, login, JWT tokens, and role-based access control.
Full Preview โProtects API from abuse: 10-100 requests/minute. Prevents brute force and DoS attacks.
All user input must be validated on the server side. Never trust client-side validation alone.
Build a secure Express.js REST API with JWT auth, rate limiting, and security headers.
Full Preview โOne-way function that converts input to fixed-size output. Use bcrypt or Argon2 for passwords, SHA-256 for checksums.
AES: Symmetric encryption, fast for large data. RSA: Asymmetric, solves key distribution problem.
Create a Python tool for file encryption, hashing, and digital signatures.
Full Preview โ# Essential security commands
chmod 600 private.key
ps aux
netstat -tulpnchmod 600 = owner read/write only | chmod 755 = owner full, others read/execute
Key log files: /var/log/auth.log, /var/log/syslog, journalctl. Monitor for suspicious activity.
Create a bash script that hardens a Linux system with proper permissions, firewall rules, and monitoring.
Full Preview โBlue Team focuses on detecting and responding to threats. Uses SIEM, IDS/IPS, and log analysis.
Security Information and Event Management. Tools: Splunk, ELK Stack, Microsoft Sentinel.
Create a Python script that monitors logs for suspicious patterns and generates alerts.
Full Preview โAlways get written permission before testing any system. Unauthorized access is illegal.
Passive: OSINT, DNS lookup, public info. Active: Port scanning, network enumeration.
Tools: OpenVAS, Nikto, Nmap NSE. Identify known vulnerabilities in systems and applications.
Conduct a simulated security assessment and document findings with remediation recommendations.
Full Preview โIntegrate security into CI/CD: SAST (Static), DAST (Dynamic), SCA (Dependencies).
IAM roles, VPC, Security Groups, encryption at rest and in transit.
Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation of Privilege.
Design and implement a complete secure enterprise application with authentication, RBAC, secure API, encryption, and monitoring.
Full Preview โDesign and implement a secure enterprise application demonstrating all skills learned:
Security+, CEH
TryHackMe
Network, Cloud
Have questions or feedback? Login to send us a message.
Please login with Firebase to send us a message.