0% found this document useful (0 votes)

45 views6 pages

Roadmap

The document outlines a comprehensive roadmap for cybersecurity fundamentals and web penetration testing, covering topics such as offensive and defensive security, Linux and Windows basics, networking, and web application functionality. It provides numerous resources, including links to online modules and tutorials on various vulnerabilities, tools, and testing methodologies. Additionally, it recommends YouTube channels and videos for further learning in cybersecurity and pentesting techniques.

Uploaded by

maqsudmuz1

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

45 views6 pages

Roadmap

Uploaded by

maqsudmuz1

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 6

Kiberxavfsizlik asoslari va

Web Pentest uchun Yo’l xaritasi

Kiberxavsizlikka Kirish
• Offensive Security Intro
• Defensive Security Intro
• Careers in Cyber
• Cybersecurity Concepts Overview

Linux Asoslari
• https://academy.hackthebox.com/module/details/18
• https://tryhackme.com/room/linuxmodules
• https://tryhackme.com/room/ninjaskills
• https://overthewire.org/wargames/bandit/

Windows Asoslari
• https://academy.hackthebox.com/module/details/49
• https://tryhackme.com/room/windowscommandline
• https://tryhackme.com/room/windowsfundamentals1xbx
• https://tryhackme.com/room/windowsfundamentals2x0x
• https://tryhackme.com/room/windowsfundamentals3xzx

Tarmoq Asoslari
• https://academy.hackthebox.com/module/details/34
• https://academy.hackthebox.com/module/details/289
• https://tryhackme.com/room/whatisnetworking
• https://tryhackme.com/room/introtonetworking
• https://tryhackme.com/room/networkingconcepts

Web Sayt/Applicationlar qanday ishlaydi?

• https://tryhackme.com/room/webapplicationbasics
• https://tryhackme.com/room/howwebsiteswork
• https://tryhackme.com/room/httpindetail
• https://tryhackme.com/room/introwebapplicationsecurity
• https://academy.hackthebox.com/module/details/35
• https://academy.hackthebox.com/module/details/75

2
Burp Suite va Proxy Tools
• https://academy.hackthebox.com/module/details/110
• https://tryhackme.com/room/learnowaspzap

Web Hacking Fundamentals

Recon/Enumeration
• https://academy.hackthebox.com/module/details/144
Information Disclosure
• https://portswigger.net/web-security/information-disclosure
SQL Injection and NoSQL Injection
• https://tryhackme.com/room/sqlilab
• https://tryhackme.com/room/sqlinjectionlm
• https://academy.hackthebox.com/module/details/33
• https://portswigger.net/web-security/learning-paths/sql-injection
• https://tryhackme.com/room/advancedsqlinjection
• https://academy.hackthebox.com/module/details/58
• https://tryhackme.com/room/nosqlinjectiontutorial
• https://portswigger.net/web-security/learning-paths/nosql-injection

XSS and DOM-Based Vulnerabilities

• https://tryhackme.com/room/axss
• https://portswigger.net/web-security/cross-site-scripting
• https://academy.hackthebox.com/module/details/103

Authentication Flaws
• https://portswigger.net/web-security/authentication
• https://tryhackme.com/room/enumerationbruteforce
• https://tryhackme.com/room/bypassreallysimplesecurity
• https://tryhackme.com/room/nextjscve202529927
• https://academy.hackthebox.com/module/details/80
• https://academy.hackthebox.com/module/details/134

Path Traversal va Local/Remote File Inclusion

• https://portswigger.net/web-security/file-path-traversal
• https://academy.hackthebox.com/module/details/23

3
Command Injection
• https://portswigger.net/web-security/os-command-injection
• https://academy.hackthebox.com/module/details/109

Business Logic Vulnerabilities and Rate Limiting

• https://portswigger.net/web-security/logic-flaws
• https://portswigger.net/web-security/race-conditions
• https://tryhackme.com/room/raceconditions

Access Control Issues

• https://portswigger.net/web-security/access-control

File Upload and XXE Injection

• https://academy.hackthebox.com/module/details/136
• https://portswigger.net/web-security/file-upload
• https://portswigger.net/web-security/xxe

Server-Side Request Forgery (SSRF)

• https://tryhackme.com/room/ssrfhr
• https://academy.hackthebox.com/module/details/145 (SSRF section is recommended)
• https://portswigger.net/web-security/ssrf

Cross-Site Request Forgery (CSRF)

• https://tryhackme.com/room/csrfV2
• https://portswigger.net/web-security/csrf

CORS Misconfigurations
• https://portswigger.net/web-security/cors

Clickjacking
• https://portswigger.net/web-security/clickjacking

4
JWT and OAuth Security
• https://portswigger.net/web-security/jwt
• https://portswigger.net/web-security/oauth

API Testing, WebSocket, and GraphQL Security

• https://portswigger.net/web-security/api-testing
• https://portswigger.net/web-security/websockets
• https://portswigger.net/web-security/graphql

Insecure Deserialization
• https://tryhackme.com/room/insecuredeserialisation
• https://portswigger.net/web-security/deserialization

Server-Side Template Injection (SSTI)

• https://tryhackme.com/room/learnssti
• https://academy.hackthebox.com/module/details/145 (SSTI qismi tavsiya qilinadi)
• https://portswigger.net/web-security/server-side-template-injection

LLM Hacking
• https://portswigger.net/web-security/llm-attacks
• https://academy.hackthebox.com/module/details/297

Web Cache Poisoning/Deception

• https://portswigger.net/web-security/web-cache-poisoning
• https://portswigger.net/web-security/web-cache-deception

HTTP Request Smuggling

• https://tryhackme.com/room/httprequestsmuggling
• https://tryhackme.com/room/http2requestsmuggling
• https://portswigger.net/web-security/request-smuggling

Prototype Pollution
• https://portswigger.net/web-security/prototype-pollution

5
Host Header Injection
• https://portswigger.net/web-security/host-header

Tavsiya qilinadigan youtube kanallar va videolar

Rana Khalil - Ko’pgina mavzular tushintirib berilgan
Z3nsh3ll - Asosan XSS va DOM XSS zaifliklari yaxshi tushintirilgan
Integriti - Bir qancha labatoriyalarni ishlashni yaxshi tushintirilgan
Jarno Timmermans - HTTP smuggling, Web Cache poisioning va CSRF zaifliklari yaxshi tushintirilgan
Porswigger Research Team - Portswigger jamoasi zaifliklarni qanday qilib aniqlashgani haqida
qiziqarli chiqishlar
Nahamsec - Umumiy pentest va bug hunting jarayoni haqida yaxshigina ma’lumotlar olish mumkin
Darknet Diaries - Interdagi qiziqarli voqealar haqida Gurung
Critical Thinking – Top Bug Bountychilar bilan suhbatlar va zaifliklar tahlili
Bug Bounty Report Explained – Bug Bountydagi Zaifliklar tahlili

? Beginner Cybersecurity Projects With GitHub Links
No ratings yet
? Beginner Cybersecurity Projects With GitHub Links
2 pages
Basic Security Concepts: Information Security Terminology (Simplified)
No ratings yet
Basic Security Concepts: Information Security Terminology (Simplified)
14 pages
Attacking Types - 250708 - 211834
No ratings yet
Attacking Types - 250708 - 211834
15 pages
FREE Cybersecurity COURSES - Awesome Cyber Security University
No ratings yet
FREE Cybersecurity COURSES - Awesome Cyber Security University
4 pages
Document
No ratings yet
Document
2 pages
Ethical
No ratings yet
Ethical
86 pages
Website Attack Vectors Presentation
No ratings yet
Website Attack Vectors Presentation
2 pages
Cyber Security - Zero To Mastery
No ratings yet
Cyber Security - Zero To Mastery
3 pages
Bug Bounty Exploitation Guide
80% (10)
Bug Bounty Exploitation Guide
250 pages
Cybersecurity Roadmap
100% (1)
Cybersecurity Roadmap
4 pages
Short Answers Cybersecurity
No ratings yet
Short Answers Cybersecurity
4 pages
Step 1 Understanding The Basics: Pre-Work
No ratings yet
Step 1 Understanding The Basics: Pre-Work
3 pages
Web Application Security
No ratings yet
Web Application Security
18 pages
Cybersecurity Learning Path Detailed
No ratings yet
Cybersecurity Learning Path Detailed
3 pages
DCSC Topics
No ratings yet
DCSC Topics
7 pages
Hacking Roadmap
No ratings yet
Hacking Roadmap
1 page
Ethical Hacking Roadmap 2025
No ratings yet
Ethical Hacking Roadmap 2025
7 pages
Nahamsec Bug Bounty Course Resources
No ratings yet
Nahamsec Bug Bounty Course Resources
3 pages
CEH Module 14
No ratings yet
CEH Module 14
195 pages
CompTIA Security+
No ratings yet
CompTIA Security+
75 pages
3.2 Web Application Attacks
No ratings yet
3.2 Web Application Attacks
23 pages
Reviewer
No ratings yet
Reviewer
4 pages
Security Vulnerabilities and Social Engineering
No ratings yet
Security Vulnerabilities and Social Engineering
33 pages
Web Security Terms and Definitions
No ratings yet
Web Security Terms and Definitions
3 pages
Web Hacking Syllabus: Beginner to Intermediate
No ratings yet
Web Hacking Syllabus: Beginner to Intermediate
5 pages
Bughutnig List of Vulnerabilities
No ratings yet
Bughutnig List of Vulnerabilities
2 pages
Comprehensive Ethical Hacking Course
No ratings yet
Comprehensive Ethical Hacking Course
7 pages
Cybersecurity
No ratings yet
Cybersecurity
4 pages
Prepare To BSCP
No ratings yet
Prepare To BSCP
2 pages
Introduction to Hacking Techniques
No ratings yet
Introduction to Hacking Techniques
11 pages
bb2019 Bryan Bishop Webappsec.2019 06 01
No ratings yet
bb2019 Bryan Bishop Webappsec.2019 06 01
36 pages
Assign 5
No ratings yet
Assign 5
5 pages
Cyber Security
No ratings yet
Cyber Security
6 pages
Website Hacking Introduction - From - HCH
No ratings yet
Website Hacking Introduction - From - HCH
10 pages
Bug Bounty Program Essentials
No ratings yet
Bug Bounty Program Essentials
3 pages
Web Security
No ratings yet
Web Security
3 pages
Typesofcyberattacks 150806095530 Lva1 App6892
No ratings yet
Typesofcyberattacks 150806095530 Lva1 App6892
17 pages
Awesome Web Hacking Guide
No ratings yet
Awesome Web Hacking Guide
10 pages
AppSec Ezine Edition 93 Overview
No ratings yet
AppSec Ezine Edition 93 Overview
4 pages
Cybersecurity Essentials for Small Networks
No ratings yet
Cybersecurity Essentials for Small Networks
4 pages
Simple Web-Hacking Techniques
100% (1)
Simple Web-Hacking Techniques
3 pages
Advanced Web Hacking Course Outline
No ratings yet
Advanced Web Hacking Course Outline
10 pages
Cyber Security
No ratings yet
Cyber Security
24 pages
100+ Hacker Techniques Explained
No ratings yet
100+ Hacker Techniques Explained
5 pages
Types of Cyber Attacks Explained
No ratings yet
Types of Cyber Attacks Explained
14 pages
Ethical Hacking from Scratch Course
No ratings yet
Ethical Hacking from Scratch Course
16 pages
IS Notes
No ratings yet
IS Notes
12 pages
Final Notes - All Units
No ratings yet
Final Notes - All Units
85 pages
Advanced Web Application Hacking Guide
No ratings yet
Advanced Web Application Hacking Guide
118 pages
Cybersecurity & Ethical Hacking Guide
No ratings yet
Cybersecurity & Ethical Hacking Guide
15 pages
OnlyHacks Merged
No ratings yet
OnlyHacks Merged
12 pages
Vapt Unit 1notes
No ratings yet
Vapt Unit 1notes
42 pages
Cybersecurity Roadmap All Goals
No ratings yet
Cybersecurity Roadmap All Goals
3 pages
67Hrs - The Complete Cyber Security Bundle - Beginner To Advanced
100% (1)
67Hrs - The Complete Cyber Security Bundle - Beginner To Advanced
6 pages
Pentest Qna 68
No ratings yet
Pentest Qna 68
12 pages
How I Would Hack You and Attack You
No ratings yet
How I Would Hack You and Attack You
4 pages
Ethical Hacking Important Question and Answer According Chatgpt
No ratings yet
Ethical Hacking Important Question and Answer According Chatgpt
15 pages
Hacking 101 OWASP
100% (2)
Hacking 101 OWASP
31 pages
What Is Information Security
No ratings yet
What Is Information Security
36 pages
SOP For E-Mail Security Policy - v. 1.0
No ratings yet
SOP For E-Mail Security Policy - v. 1.0
8 pages
Living in The IT Era
No ratings yet
Living in The IT Era
5 pages
Essential Cybersecurity Tools Guide
No ratings yet
Essential Cybersecurity Tools Guide
6 pages
Tutorial Question For Level4 Cyber Security
No ratings yet
Tutorial Question For Level4 Cyber Security
4 pages
Deep Web .onion Link Directory
No ratings yet
Deep Web .onion Link Directory
3 pages
Practical File
No ratings yet
Practical File
10 pages
Lecture 5 Questions and Answers - CIA Triad and Cybersecurity Roles
No ratings yet
Lecture 5 Questions and Answers - CIA Triad and Cybersecurity Roles
19 pages
Lesson 2
No ratings yet
Lesson 2
29 pages
Synopsis
No ratings yet
Synopsis
4 pages
Beijing Making A Push Back Shown by Chinese Report On The Suspected NSA Hack
No ratings yet
Beijing Making A Push Back Shown by Chinese Report On The Suspected NSA Hack
5 pages
Cyber Security
0% (2)
Cyber Security
3 pages
Credit Card Skimmer Disguised As Harmless Facebook Tracker
No ratings yet
Credit Card Skimmer Disguised As Harmless Facebook Tracker
9 pages
Cybersecurity and Data Privacy Challenges
No ratings yet
Cybersecurity and Data Privacy Challenges
7 pages
NSP-background 2024
No ratings yet
NSP-background 2024
51 pages
The Advanced Persistent Threat: Lewis Brodnax Founding Principal, Talion LLC
No ratings yet
The Advanced Persistent Threat: Lewis Brodnax Founding Principal, Talion LLC
34 pages
Verizon's 2025 DBIR - 97 - of APAC Breaches Driven by System Intrusion, Social Engineering, Web App Attacks
No ratings yet
Verizon's 2025 DBIR - 97 - of APAC Breaches Driven by System Intrusion, Social Engineering, Web App Attacks
2 pages
Cyber Security in Banking
No ratings yet
Cyber Security in Banking
11 pages
Cybercrime - Wikipedia
No ratings yet
Cybercrime - Wikipedia
72 pages
A Guide To Cyber Security Career Development
No ratings yet
A Guide To Cyber Security Career Development
1 page
The Cost of Cybercrime
No ratings yet
The Cost of Cybercrime
2 pages
ITWS - Cyber Hygiene Protecting Yourself in The Digital Age
No ratings yet
ITWS - Cyber Hygiene Protecting Yourself in The Digital Age
20 pages
Constella IdentityBreachReport 2024 2025
No ratings yet
Constella IdentityBreachReport 2024 2025
44 pages
Types of Cybers Attacks
No ratings yet
Types of Cybers Attacks
11 pages
Digital Footprints PROJECT FINAL (1) ..
No ratings yet
Digital Footprints PROJECT FINAL (1) ..
18 pages
Expert Guide to Targeted Malware Spreading
No ratings yet
Expert Guide to Targeted Malware Spreading
9 pages
Eh Unit2
No ratings yet
Eh Unit2
10 pages
Cybersecurity Threats in Banking
100% (1)
Cybersecurity Threats in Banking
67 pages
Android Trojan Variants Analysis
No ratings yet
Android Trojan Variants Analysis
60 pages
Ransomware - How To Prevent and Recover
No ratings yet
Ransomware - How To Prevent and Recover
3 pages