Career options such as Cyber Security, Ethical Hacking, Application Security, Penetration Testing, and Bug Bounties are blooming and becoming popular among teenagers, scholars, and experienced professionals globally. The reasons for this popularity are surely the growing community, the increasing number of attacks, and the need for skilled professionals.
However, this domain can be confusing for a beginner, and it may look like an ocean when it comes to: Where should I start from? What should I learn first? Damn, there’s a lot to learn and it will take years for me to get into the game; is there any shortcut, or shall I leave this domain? These are not just questions I framed for this blog; they are the questions most commonly asked of me over Twitter, Instagram, LinkedIn, email, etc.
Sometimes it is really hard to give an exact answer to a curious mind who comes and asks me, “Hey Harsh, I am new to Cyber Security and I really want to get started, can you please help me out?” Keeping this in mind, I am writing this blog to answer all these questions and, in a nutshell, provide you with a learning path from my perspective on how to get started in Cyber Security.
Cyber Security is a huge domain, and when you refer to Cyber Security you are often not clear which domain you are actually asking about! When you say Cyber Security, it can mean you want to be a bug bounty hunter, a blue teamer, a cyber forensics guy, or maybe you are not sure either. So let’s first break down some general career options in Cyber Security, which will help you to know exactly where you want to go.
The above mindmap breaks down Cyber Security career options into three major domains: Offensive, Defensive & Research. (Please note that Offensive Cyber Security is not an illegal term.) There is a lot to explain; however, since I work in Offensive Cyber Security, if your end goal is to move into the Offensive Cyber Security side, keep on reading. In the next few paragraphs I am going to give you a closer view of this domain, some requirements, and how one should start learning and build a good career in it.
When we talk about getting started in Offensive Cyber Security, there are many sub-domains such as Application Security, Red Teaming, Penetration Testing, Code Reviews, Cloud Audits, etc. However, there are always some initial requirements, and at the end of the day everything is linked somehow.
Pre-requisites:
Since I am into Offensive Security & Application Security, I can guide you better on how to get started in this domain. Below is a breakdown of the essential steps one should take to get a good grasp of basic to advanced concepts. So let’s have a look:
There are multiple operating systems available in the market; however, the most common are Windows-, Mac-, and Linux-based operating systems. On the other hand, Android and iOS are the major players among mobile operating systems.
There are many scenarios in which you will need to know how a particular operating system works, which security features it provides, what limitations each of them has, and how an attacker can abuse them.
For example: as a pentester, you have gained access to a Linux machine as a restricted user. Now, in order to escape the restriction, you will need to know how the available features can be abused to gain privileged access. This becomes really simple when you know which features are present, and you will have a good grasp of what to exploit to gain privileged access.
Resources to learn about Operating Systems:
If you wish to dive deeper into these operating systems, you can look at Windows Internals or Linux Internals, which are more comprehensive studies of these operating systems. However, I would recommend getting at least a basic knowledge.
Computer networks are a really important aspect for any IT professional, not just for IT security people. Most of the time, when you encounter an engagement as an offensive security guy, you will be dealing with either a web application, mobile application, cloud infrastructure, internal network, routers, firewalls, IoT devices, etc., and if you notice, most of these architectures communicate over the internet directly or indirectly.
As a security professional, you must know the basic concepts of networking, which include how routing, firewalling, SSL, TLS, ports, protocols, IP, TCP, UDP, MAC addresses, and other important network security features work. Why this knowledge is required needs no explanation; it’s essential, that’s all.
Resources to learn Computer Networks
Web applications are one of the most widely encountered things in my journey as an application security engineer and offensive security guy. Most of the externally facing resources of any organization are web applications.
Before diving deeper into how to test web application security, it is essential to know various concepts about web applications, their communication, and their components. This includes understanding how an HTTP request is formed, how an HTTP response works, what the various security headers are, browser security features, what CSP and CORS are, etc. These are basic concepts and will help you throughout your journey as an Application Security guy!
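As an added example (not code from the blog), here is a small Python checker that parses a raw HTTP response and reports missing hardening headers and a risky CORS setting; both responses in it are constructed, and the expected-header list and messages are my own choices.

```python
# Two constructed HTTP responses (not captured from any real site): a weak one and a hardened one.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
    "<html>...</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Access-Control-Allow-Origin: https://app.example\r\n"
    "\r\n"
    "<html>...</html>"
)

# Headers a reviewer expects on an HTML response, with the risk each one mitigates.
EXPECTED = {
    "strict-transport-security": "HSTS missing: later visits are not forced onto HTTPS",
    "content-security-policy": "CSP missing: no browser-side limit on where scripts may load from",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing stays enabled",
    "x-frame-options": "X-Frame-Options missing: the page can be framed (clickjacking)",
}

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, {lowercased name: value}, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status, *lines = head.split("\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # last duplicate wins; fine for this audit
    return status, headers, body

def audit_headers(raw):
    """Return human-readable findings for missing hardening headers and risky CORS settings."""
    _, headers, _ = parse_response(raw)
    findings = [msg for name, msg in EXPECTED.items() if name not in headers]
    acao = headers.get("access-control-allow-origin")
    if acao == "*" and headers.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("CORS: wildcard origin with credentials is rejected by browsers and signals a misconfigured policy")
    elif acao == "*":
        findings.append("CORS: wildcard origin; acceptable only for truly public, unauthenticated data")
    return findings
```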
Resources to learn Basic Concepts
Once you have gained enough understanding of the basic concepts of web applications, operating systems & computer networks, the next step before exploring the security perspective is to understand some of the common security frameworks that are followed as industry standards. This will help you with proper referencing and understanding which category your security vulnerability lies in, how to rate the severity of an identified security issue, and how to approach remediation.
OWASP: The Open Web Application Security Project is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
STRIDE: The STRIDE model was developed by Microsoft in order to help security engineers understand and classify all possible threats on a server. The name of this model is an acronym for the six main types of threats.
CVSS: The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
At this point, we will talk about how to get started in Web Application Security. There are tons of resources out in the wild and it is not possible to learn/read all of them; however, choosing the best ones is also a difficult task. I am sharing some of the good resources to follow in order to get a good hold:
If you can purchase paid subscriptions, I would suggest these two paid labs; they have nice content:
Please note that I am not associated with these vendors in any sort of paid promotions.
Note: Do not spend too much time on the labs; start exploring things in real-life applications through bug bounty and responsible disclosure programs. Investing more time in labs may make you uncomfortable testing real-world applications. When you feel you need to learn a particular attack, say cross-site scripting, simply google the available labs and solve them, then start hitting real applications and follow the process again.
Getting started with Web Application Security is really simple if your basics are strong and you follow a proper approach. I strongly recommend not wasting much time only looking for resources; rather, invest your time in facing real-life applications and various scenarios.
For Network Security, there is no limit to the resources, but a good understanding of computer networking from a security point of view is very much required. There are multiple ways to practice network security; however, the best way is to invest time in solving labs on HackTheBox and understanding new concepts. Some of the good resources are:
The next big thing we often encounter as Application Security engineers is mobile applications. This is a really interesting area, as you have access to the source code by simply reverse-engineering the application, and you can perform both static and dynamic analysis.
I am also a learner when it comes to Mobile Application Security, and currently I have limited resources to suggest (I’ll add more to this blog in the coming days) which one can follow to pick up the pace with Mobile Application Security:
It took me a lot of time to put all the pieces together to write this blog, but the purpose of drafting it is to answer the questions that are generally asked of me around “How to get started”, “What is the right path”, and others. Often it is not possible to answer everyone, but I hope this blog will help everyone who is seeking answers on this topic, and all the newcomers. I will try to keep this blog updated at regular intervals. In the future, I plan to add resources for getting started in Cloud Security, Thick Clients, and other areas to this blog as well. I hope you enjoy reading this and get enough resources to get started in Cyber Security (Application Security/Offensive Security).
This blog itself is a whole bunch of takeaways. It is specially written to direct people whenever they seek guidance on getting started in the Cyber Security domain. This is totally my own learning path and perspective on how one should get started; I am not saying to follow it blindly, but if it looks good to you, follow it, and I will try to keep it updated.
If you have any good resources that you know should be included in this blog, please leave a PRIVATE NOTE and I will add the relevant ones to the blog.