I'm very passionate about Cyber Security, and so I was thinking of starting a series where I'll try to update you about the progress, topics, and related labs each day for better hands-on practice.
The topics will be mostly from Portswigger Website. Also, for some more practical discussion, I'll refer to Kontra.
If you're also a beginner & want to begin your journey in Cyber Security, you can follow my VAPT tutorial with labs series & if you're an expert or in this journey, you can help me out with some suggestions.
Following are the topics that I'll cover during this journey:
Server Side topics
- SQL injection
- Authentication
- Path traversal
- Command injection
- Business logic vulnerabilities
- Information disclosure
- Access control
- File upload vulnerabilities
- Race conditions
- Server-side request forgery (SSRF)
- XXE injection
- NoSQL injection
- API testing
- Web cache deception
Client Side topics
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-origin resource sharing (CORS)
- Clickjacking
- DOM-based vulnerabilities
- WebSockets
Advanced topics
- Insecure deserialization
- Web LLM attacks
- GraphQL API vulnerabilities
- Server-side template injection
- Web cache poisoning
- HTTP Host header attacks
- HTTP request smuggling
- OAuth authentication
- JWT attacks
- Prototype pollution
- Essential skills
Let me know my plan & your ideas, suggestions, or pointers to discuss this. I'm open to collaboration too. I'll try to create more concise but informative blogs on each topic & it's solution.
We can check our leaderboard/dashboard here.
To get started, you need to create an account in Portswigger & my main focus will be on this website only.
Let's Hack !!
Top comments (0)