The Ultimate Beginner's Guide to Cyber Security
A bit technical!
Ayush Sahu
Mar 31, 2023

In theory, cyber security is just the protection of systems, applications and networks. But looked at more technically, cyber security problems arise from logic errors in code, which are the root cause of every digital risk.

To minimise the cyber security concerns, we have to rely more on HI i.e. human intelligence, rather than on AI i.e. Artificial intelligence.

Because at the end of the day, the programmer behind the development of the system or application is responsible for cyber threats.

Let's take a few examples to better understand how cyber security is related to bad coding practices.

(For now just focus on the concept; we'll get into the technical details later in this course.)

Example - 1
SELECT * FROM users WHERE username = '$username' AND password = '$password'

This code is vulnerable to SQL injection attacks because it concatenates user-supplied data directly into the SQL query. An attacker could input malicious data into the username and password fields, causing the query to execute unintended actions on the database.

How to solve it:

Use prepared statements with parameterized queries, so that user-supplied data is passed to the database as a value rather than as part of the SQL text and cannot be used to inject SQL commands.

// The SQL text is fixed; :username and :password are placeholders, not string concatenation.
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username AND password = :password');
// The values are bound separately and are never interpreted as SQL.
$stmt->execute(['username' => $username, 'password' => $password]);
$user = $stmt->fetch();

This code uses a prepared statement with named parameters to separate the SQL command from the user-supplied data. This ensures that the query is executed as intended and prevents SQL injection attacks.

Example - 2
import os

filename = input('Enter the filename: ')
# Vulnerable: the filename is pasted into a shell command line, so the shell interprets it
os.system('rm ' + filename)

This code is vulnerable to command injection attacks because it passes user-supplied input directly to the os.system() function without any validation or sanitization. An attacker could input malicious data into the filename field, causing unintended commands to be executed on the system.

How to solve it: Use the subprocess module to run the command and pass the arguments as a list instead of a single string, as below.

import subprocess

filename = input('Enter the filename: ')
# No shell is involved: 'rm' is started directly and filename is one argument
subprocess.call(['rm', filename])

This code uses the subprocess.call() function to execute the rm command and passes the filename as a separate list item. Because no shell is involved, special characters in the filename are handed to rm as literal text instead of being interpreted, which prevents command injection attacks. Note that this does not, by itself, restrict which file the user may remove; that still needs validation of the filename.
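An added example (not code from the original post) that shows both halves of this point: argv_roundtrip() proves the list form delivers a metacharacter-laden name to the child as one literal argument, and safe_remove() adds the filename validation (no path separators, no leading '-', must stay inside a base directory) that the list form alone does not give you. The names argv_roundtrip, safe_remove and demo are assumptions made here, and demo() builds its own constructed file in a temporary directory.

```python
import subprocess
import sys
import tempfile
from pathlib import Path


def argv_roundtrip(filename: str) -> str:
    """Start a child with the list form and return the argument it received.
    No shell runs, so ';', '|', '$' and '*' arrive as plain text."""
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", filename],
        capture_output=True, text=True, check=True,
    )
    return out.stdout


def safe_remove(filename: str, base_dir: str) -> Path:
    """Validate a user-supplied filename, then remove it with the list form.
    The list form stops command injection but not traversal or option
    injection, so those are rejected here before rm is ever started."""
    if not filename or filename.startswith("-"):
        raise ValueError("filename must not be empty or start with '-'")
    if any(sep in filename for sep in ("/", "\\")) or filename in (".", ".."):
        raise ValueError("filename must be a bare name without path separators")
    base = Path(base_dir).resolve()
    target = (base / filename).resolve()
    if target.parent != base:  # defence in depth: must stay inside base_dir
        raise ValueError("target escapes the base directory")
    if not target.is_file():
        raise FileNotFoundError(target)
    # '--' ends option parsing, so rm can never read the name as a flag.
    subprocess.run(["rm", "--", str(target)], check=True)
    return target


def demo() -> bool:
    """Constructed scenario: a name full of shell metacharacters is removed as
    one literal file, while traversal and option-style names are rejected."""
    with tempfile.TemporaryDirectory() as d:
        weird = "notes; echo $HOME | *.txt"  # constructed, deliberately odd name
        Path(d, weird).write_text("x")
        if argv_roundtrip(weird) != weird:
            return False
        ok = not safe_remove(weird, d).exists()
        for bad in ("../secret", "-rf", "sub/dir.txt"):
            try:
                safe_remove(bad, d)
                ok = False  # should never get here
            except ValueError:
                pass
        return ok
```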

From the above examples you get a feel for how small the flaw can be and how big an impact it can have on cyber security. That's why we'll learn the basics of cyber security in this course.
