Cybersecurity journey 💻 Phase 3: Practical Hacking Practice (4–8 Months)

 

💻 Phase 3: Practical Hacking Practice (4–8 Months)

Never hack real websites ❌
Practice legally on platforms:

• TryHackMe

• Hack The Box

• PortSwigger Web Security Academy

Start with beginner rooms.

---

🧪 Phase 4: Tools You Must Learn

Tool	Purpose
Nmap	Network scanning
Burp Suite	Web app testing
Metasploit	Exploitation
Wireshark	Packet analysis
John the Ripper	Password cracking
Hydra	Brute force

---

🎓 Certifications (Optional but Powerful)

Start with:

• CEH (Certified Ethical Hacker)

• CompTIA Security+

• eJPT (Beginner friendly)

Cybersecurity journey 🛡 Phase 2: Core Cybersecurity Concepts (2–4 Months)

 

🛡 Phase 2: Core Cybersecurity Concepts (2–4 Months)

🔍 1. Types of Cybersecurity

Understand domains:

• Ethical Hacking

• Web Security

• Network Security

• Cloud Security

• Digital Forensics

• SOC Analyst

• Malware Analysis

---

🌐 2. Web Application Security (Very Important for You)

Since you build web apps like:

• Student Management System

• V-Connect

• Jinni Shopping App

You should learn how they can be attacked.

Study:

• SQL Injection

• XSS (Cross Site Scripting)

• CSRF

• Authentication bypass

• Session hijacking

Resource:
👉 OWASP Top 10

Cybersecurity journey Phase 1: Build Strong Foundations (0–2 Months)

 

Phase 1: Build Strong Foundations (0–2 Months)

Before jumping into hacking tools, master the basics.

🖥 1. Computer Networking (Very Important)

Learn:

• OSI & TCP/IP model

• IP, Subnetting

• DNS, DHCP

• HTTP / HTTPS

• Ports & Protocols

Tools to explore:

• Wireshark

• Packet Tracer

---

🐧 2. Linux Fundamentals

Most cybersecurity tools run on Linux.

Learn:

• File system structure

• Commands (ls, grep, chmod, nano, etc.)

• Users & permissions

• Process management

Install:

• Kali Linux (Virtual Machine using VirtualBox)

---

🧠 3. Basic Programming

Since you already work with PHP, Node.js, Firebase — that’s a big advantage.

Focus on:

• Python (for automation & scripting)

• Bash scripting

• Basic understanding of JavaScript vulnerabilities

information security

 What is information security?

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction by ensuring the following security objectives:

 

Confidentiality 

Makes sure that data remains private and confidential. It should not be viewed by unauthorized people through any means

Information disclosure is a cyber-attack that reads all emails sent to/by the victim by eavesdropping into the communication network; hence, compromising confidentiality

Integrity 

Assures that data is protected from accidental or any deliberate modification

Tampering is a cyber-attack where attacker modifies an incoming email before it reaches the intended recipient. Receiver would not know that the received message was modified; hence, compromising integrity

 Availability

Ensures timely and reliable access to information and its use

Denial of service is a cyber-attack where the website becomes unavailable for legitimate users, restricting the availability of the website

Confidentiality, Integrity and Availability (CIA) are the objectives of information security. All protection mechanisms aim to protect one or more of these objectives. Sometimes, an alternate term Disclosure, Alteration and Denial (DAD, in negative form) is used to refer to these objectives.