Wednesday, February 18, 2026

📗 PHASE 2: Web Security Core (Month 3–4)

🔥 OWASP Top 10 (Very Important)

1️⃣ SQL Injection

Vulnerable code:


SELECT * FROM users WHERE username = '$user';

Attack:


' OR '1'='1

Fix:

Prepared statements
Parameterized queries

2️⃣ XSS (Cross-Site Scripting)

Stored XSS:

Malicious script saved in DB

Reflected XSS:

Injected via URL

Fix:

Escape output
Use Content Security Policy

3️⃣ CSRF

User logged in → attacker forces request.

Fix:

CSRF tokens

4️⃣ Broken Authentication

Fix:

Strong hashing (bcrypt)
Secure session handling

Tuesday, February 17, 2026

🚀 CYBERSECURITY COMPLETE ROADMAP (Beginner → Advanced) 📘 PHASE 1: Foundations (Month 1–2)

🚀 CYBERSECURITY COMPLETE ROADMAP (Beginner → Advanced)

📘 PHASE 1: Foundations (Month 1–2)

1️⃣ Networking Deep Dive (Core Backbone)

🔹 What You Must Understand

OSI Model (7 Layers)

Layers:

Physical
Data Link
Network
Transport
Session
Presentation
Application

👉 Real understanding:

HTTP works at Application layer
TCP works at Transport layer
IP works at Network layer

TCP vs UDP

TCP	UDP
Reliable	Fast
Connection oriented	Connectionless
Used in HTTPS	Used in streaming

Important Concepts

IP Address (IPv4, IPv6)
Subnetting
DNS (How google.com becomes IP)
ARP
Ports (80, 443, 22, 21, 3306)
Three-way handshake (SYN → SYN-ACK → ACK)

Tools Practice

Wireshark → Capture packets
ping, traceroute
netstat
nslookup

2️⃣ Linux Mastery (Month 1–2)

Install:

Kali Linux (VirtualBox)

Learn:

File Structure

/etc
/var
/home
/bin
/root

Important Commands


ls
cd
chmod
chown
grep
cat
nano
find
ps
kill
apt install

Permissions

Example:


-rwxr-xr--

Meaning:

Owner: read write execute
Group: read execute
Others: read

3️⃣ Programming for Security

Since you're a developer, focus on:

Python

Variables
Loops
Functions
Requests library
Sockets

Example:


import socket
print(socket.gethostbyname("google.com"))

Cybersecurity journey 💻 Phase 3: Practical Hacking Practice (4–8 Months)

💻 Phase 3: Practical Hacking Practice (4–8 Months)

Never hack real websites ❌
Practice legally on platforms:

TryHackMe
Hack The Box
PortSwigger Web Security Academy

Start with beginner rooms.

🧪 Phase 4: Tools You Must Learn

Tool	Purpose
Nmap	Network scanning
Burp Suite	Web app testing
Metasploit	Exploitation
Wireshark	Packet analysis
John the Ripper	Password cracking
Hydra	Brute force

🎓 Certifications (Optional but Powerful)

Start with:

CEH (Certified Ethical Hacker)
CompTIA Security+
eJPT (Beginner friendly)

Cybersecurity journey 🛡 Phase 2: Core Cybersecurity Concepts (2–4 Months)

🛡 Phase 2: Core Cybersecurity Concepts (2–4 Months)

🔍 1. Types of Cybersecurity

Understand domains:

Ethical Hacking
Web Security
Network Security
Cloud Security
Digital Forensics
SOC Analyst
Malware Analysis

🌐 2. Web Application Security (Very Important for You)

Since you build web apps like:

Student Management System
V-Connect
Jinni Shopping App

You should learn how they can be attacked.

Study:

SQL Injection
XSS (Cross Site Scripting)
CSRF
Authentication bypass
Session hijacking

Resource:
👉 OWASP Top 10

Cybersecurity journey Phase 1: Build Strong Foundations (0–2 Months)

Phase 1: Build Strong Foundations (0–2 Months)

Before jumping into hacking tools, master the basics.

🖥 1. Computer Networking (Very Important)

Learn:

OSI & TCP/IP model
IP, Subnetting
DNS, DHCP
HTTP / HTTPS
Ports & Protocols

Tools to explore:

Wireshark
Packet Tracer

🐧 2. Linux Fundamentals

Most cybersecurity tools run on Linux.

Learn:

File system structure
Commands (ls, grep, chmod, nano, etc.)
Users & permissions
Process management

Install:

Kali Linux (Virtual Machine using VirtualBox)

🧠 3. Basic Programming

Since you already work with PHP, Node.js, Firebase — that’s a big advantage.

Focus on:

Python (for automation & scripting)
Bash scripting
Basic understanding of JavaScript vulnerabilities