After last week’s talk on Web Application Pentesting, you would be forgiven for leaving the room scratching your head – potentially more confused than when you entered. “I’m supposed to be learning here,” you think silently, wondering where you can gain the knowledge to even understand all of this terminology. RCE, XSS, CSRF, DNS – WTF??

As with any technical field, Cyber Security comes with plenty of technical jargon to get your head around. Luckily, Google (*cough* or DuckDuckGo *cough*) is always your friend, and honing your Google-fu is an important part of the OSINT methodology. For more about OSINT, download Peter’s slides from week 1 here.

Vernacular aside, getting started in security is much easier with a working understanding of a variety of IT (and sometimes non-IT) fields. These include:

  • Networking
  • Applications/Programming(/Scripting)
  • Operating Systems
  • Hardware (Consumer and embedded systems)

While broad, these concepts should be considered from both a user and a developer perspective. By understanding how these systems and principles are intended to work, you also gain the ability to see how their implementation could have unforeseen consequences (read: vulnerabilities).

With even a basic understanding of some of these concepts, you are in a position to get started on reading about the fun stuff – the vulnerabilities and exploits.

If you find any other resources you think should be on this list, simply comment on this post, post in the Facebook group or message me on Facebook/Discord.

Happy Hacking!

