Mastery Tasks:
- DEV STUFF:
- Sufficient JavaScript, HTML, CSS to make an interactive website
- jQuery
- MVC
- Single Page Apps
- Angular/React/Vue
- Learn how to host a website:
- static files via apache/nginx
- deploying static files to a CDN
- static files or templates via NodeJS, PHP, Flask
- Basics of pointing DNS records:
- A
- CNAME
- MX
- TXT
- Using HTTPS via TLS/SSL certs
- Let's Encrypt
- Cloud provisioning
- Wiring up a database:
- Relational Model - Pick one of: SQLite, MySQL/Maria, Redis, Postgres
- NoSQL - Pick one of: Mongo, Cassandra, CouchDB
- Cloud Stores - Pick one of: Firebase, DynamoDB, Cosmos DB
- Serving the data via REST API via connecting with:
- Node with Express
- PHP
- Flask
- Django
- Firebase
- Connecting front-end to your backend via AJAX, Websockets, or Forms
- Perform Authentication using old-school and new-school tech:
- passwords
- cookies
- sessions
- localStorage
- tokens
- OAuth
- JWT
- Perform Authorization using RBAC to:
- grant/revoke a role to a user
- give verb to noun permissions to a role
- Mess with caching and cache invalidation
- Serverless functions
- Firebase
- Lambdas (and their kin)
- Hybrid Apps
- Ionic
- React Native
- Cordova
- Cloud Provisioning
- Docker
- Rancher
- The Big Cloud Companies
- VULNERABILITIES:
- XSS
- Injection (SQLi, server-side templates, NoSQL injection)
- Sensitive Data Exposure
- XXE
- Broken Access Control
- Misconfiguration (default configs too)
- Deserialization exploits
- JWT tinkering
- File Upload Exploits
- Cache Poisoning
- Directory Traversal
- CSRF
- SECURITY CONTEXT:
- NIST framework
- Attack/Defense models
- OSINT
- Security Lifecycle
- Network Traffic
- ELK/Splunk monitoring
- CVEs
- Threat Hunting