Cybersecurity is a field that's rarely covered in the CS curriculum, even though it can be one of the most exhilarating fields in tech. It covers so many bases -- from IT administration, to mathematics and cryptography, to hardware architecture, to web development. In some ways, it's like studying the Dark Arts from Harry Potter -- it's good to be familiar with, fun to play around with, but terrifying when used to effect in the wild.
With this in mind, please never use any of the knowledge in this workshop for non-approved purposes -- whether you want to test a website for XSS vulnerabilities, capture packets on the WiFi, or otherwise. This material is purely educational, and HackBU and its organizers are not responsible for any damages that you cause by ignoring the above directive.
In this workshop, we'll teach you how a couple of popular web security vulnerabilities work, as well as how to exploit them. We'll also expose you to the network side of things with Wireshark, and give you a rundown of cryptography!
- Cross-Site Scripting (XSS) - How to exploit and prevent one of the most common web vulnerabilities!
- SQL Injection - A dive into another kind of web vulnerability responsible for most data breaches!
- Capturing Network Traffic with Wireshark - How to capture, inspect, and interpret network traffic with Wireshark!
- Intro to and Theory of Cryptography - A primer on some basics of modern cryptography, as well as details on the history and mathematics of cryptography over the years!
Above all, one of the best resources for someone looking to get into cybersecurity is a website called TryHackMe. This site has hundreds of workshops in every aspect of cybersecurity you can think of, ranging from basic networking to cryptography, web app pentesting, and more.
Other helpful resources in the form of podcasts/shows include:
- Security Now - A podcast hosted by Steve Gibson (the man who coined the term 'spyware') and Leo Laporte. Check out their weekly episodes if you want to stay informed on modern-day cybersecurity news.
- Cyber Insecurity - A show in which Neal Bridges, a former NSA hacker with over 20 years of experience in the industry, discusses the challenges that both newcomers and established practitioners in the cyber field face on a daily basis, as well as how beginners can get into cybersecurity.
If you'd like to learn more about hacking and do some target practice, be sure to check out the following:
- Web Security Academy - This massive, interactive, and free tutorial gives you a ton of information on how to find and exploit bugs in web applications.
- Hack the Box - A huge collection of vulnerable VMs hosted in the cloud that you can attack! Note that this website actually requires you to have some experience with web applications and other cybersecurity concepts before you are even able to create an account, so it is more geared to an intermediate level.
- VulnHub - A repository of VM images if you'd like to host a vulnerable box locally.
Finally, nothing is better than hands-on learning. Anyone looking to quickly improve their cybersecurity skills should participate in at least one CTF. To learn more about what a cyber CTF really means, check out CTF 101, then visit CTF Time to join your first competition!