Our Journey:
I like to look back at the what we've touched on, I won't say mastered/learned because this is web, it's a shotgun. I don't expect mastery of everything, but awareness of many things, and the meta-cognition to pick up anything.
- HTML tags and structure
- CSS Selectors and basic styling
- Javascript as a language
- Javascript as the master of the DOM
- Event-based programming
- jQuery fwiw
- Static hosting via file servers
- Static hosting via firebase hosting
- Hosting via github pages
- Hosting via Apache/NGINX on digital ocean style servers
- PHP basics
- Sessions
- Cookies
- NodeJS
- Express
- REST APIs as a shared mental model
- Firebase Real-Time Database
- Local Storage
- Single-Page Apps
- Client-Side Routing techniques
- Server-side rendering
- Authentication
- Role-Based Access Control
- Hashing
- Password Storage and Security (salting, stretching, cracking)
- Public-Key Key Exchanges (DHKE)
- Cylic Groups underlying Internet Security
- Man-in-the-middle attacks
- Certificates and Certificate Authorities
- Basic SQL
- the LAMP stack
- the MEAN stack (minus the A kinda)
- Serverless stacks
- Hybrid Apps with native tech
- History lessons in the eras of web dev
- robots.txt
- Session Hijacking
- Brute Force Limits
- Cookie Manipulation
- JWT Security
- File Upload Exploits
- Cross-Site Scripting XSS
- Local File Inclusion / Path Traversal
- exposed .git directories
- Type Juggling exploits
- Insecure deserialization
- Burpsuite
- SSRF (server-side request Forgery)
- Prototype Pollution
- SSTI (server-side template injection)
- Popping a reverse shell
- Docker Basics
- OWASP Juice Shop
- AWS Lambdas
- S3 for hosting
- Default Config Exploitation
- Request Stuffing
- XXE (eXternal XML Entities)
- OWASP top 10 classifications
- How to face uncertainty
- Hopefully being the driver of the car, and not a passenger on the bus
- How to hunt around for clues and learn something you've never seen, while on the job