Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

17,968
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (11,059) Articles (5481)Blog Posts (4300)Tutorials (403)Research Papers (34)News (841)
The Incident Commander Role: Running Incidents Without Chaos
Dev.to · Samson Tanimawo 🔐 Cybersecurity ⚡ AI Lesson 4h ago
The Incident Commander Role: Running Incidents Without Chaos
Everyone's Debugging, Nobody's Leading Five engineers in an incident channel. All...
Signal Protocol: A Technical Deep Dive into Modern Encrypted Messaging
Dev.to · Gladis Jenkins 🔐 Cybersecurity ⚡ AI Lesson 4h ago
Signal Protocol: A Technical Deep Dive into Modern Encrypted Messaging
Signal Protocol: A Technical Deep Dive into Modern Encrypted Messaging The Signal Protocol...
Applying SAST Tools to Real Applications — A Hands-On Look at Bandit
Dev.to · Mauricio Choqueña Choque 🔐 Cybersecurity ⚡ AI Lesson 8h ago
Applying SAST Tools to Real Applications — A Hands-On Look at Bandit
What is SAST, and Why It Matters Static Application Security Testing (SAST) analyzes...
I Downloaded a Free PHP Script. It Was Stealing Data
Dev.to · NIXX/DEV 🔐 Cybersecurity ⚡ AI Lesson 12h ago
I Downloaded a Free PHP Script. It Was Stealing Data
Some years ago, an anonymous PHP developer used to share free PHP scripts online. These scripts were...
What Is Project Glasswing, Really? Inside Anthropic's Big Bet on AI-Powered Cyber Defense
Dev.to · Arashad Dodhiya 🔐 Cybersecurity ⚡ AI Lesson 13h ago
What Is Project Glasswing, Really? Inside Anthropic's Big Bet on AI-Powered Cyber Defense
I'm not going to pretend I'm some veteran pentester writing this from experience. I'm a beginner. I'm...
Demystifying SSH with -vvv: How GBase 8a's Underlying Connection Negotiates Encryption
Dev.to · Michael 🔐 Cybersecurity ⚡ AI Lesson 13h ago
Demystifying SSH with -vvv: How GBase 8a's Underlying Connection Negotiates Encryption
SSH is the backbone of GBase 8a cluster management, powering everything from remote commands to SFTP...
How Hashing Actually Works (and Why You Can't Un-Hash a Password)
Dev.to · Anh Quân Nguyễn 🔐 Cybersecurity ⚡ AI Lesson 18h ago
How Hashing Actually Works (and Why You Can't Un-Hash a Password)
Last time a lot of people learned that Base64 isn't encryption. Hashing gets the same treatment:...
Hashing, encoding, and encryption are three different jobs, and Security+ catches you when you mix them up
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Hashing, encoding, and encryption are three different jobs, and Security+ catches you when you mix them up
A lot of people walk into the SY0-701 exam able to recite that AES is symmetric and SHA-256 is a...
The open source AI pentest tools worth knowing in 2026
Dev.to · Mehdi BOUTAYEB 🔐 Cybersecurity ⚡ AI Lesson 1d ago
The open source AI pentest tools worth knowing in 2026
Disclosure: I work on Darkmoon, one entry in this list. This is a neutral survey of the open source...
Autonomous pentesting against Active Directory, without the black box
Dev.to · Mehdi BOUTAYEB 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Autonomous pentesting against Active Directory, without the black box
Active Directory is where most internal compromises happen and where most AI tools give up. Darkmoon...
Pentera alternatives in 2026, including the open source options
Dev.to · Mehdi BOUTAYEB 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Pentera alternatives in 2026, including the open source options
Disclosure: I work on Darkmoon, one of the tools below. Pentera is a mature, enterprise grade...
Built an AI-Powered WAF for PHP/Laravel Apps in Africa — Here’s What It Catches
Dev.to · Nchiminyi — Founder, Kriosa 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Built an AI-Powered WAF for PHP/Laravel Apps in Africa — Here’s What It Catches
Originally published on Medium A student developer from Cameroon built a security tool that explains...
Seven Unpatched FatFs Flaws Put Millions of Embedded Devices One USB Away From a Jailbreak
Dev.to · Etairos.ai 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Seven Unpatched FatFs Flaws Put Millions of Embedded Devices One USB Away From a Jailbreak
TL;DR what: runZero disclosed seven vulnerabilities in FatFs, a tiny FAT/exFAT...
We open-sourced our security audit. Here's what we found (and fixed).
Dev.to · Edison Flores 🔐 Cybersecurity ⚡ AI Lesson 1d ago
We open-sourced our security audit. Here's what we found (and fixed).
MarketNow got pentested. 4 CRITICAL, 5 HIGH, 7 MEDIUM findings. All fixed. Here's the full report.
We open-sourced our security audit
Dev.to · Edison Flores 🔐 Cybersecurity ⚡ AI Lesson 1d ago
We open-sourced our security audit
MarketNow got pentested. 4 CRITICAL, 5 HIGH, 7 MEDIUM. All fixed.
I Built a Four‑Cloud Security Scanner That Auto‑Fixes Attack Chains – Here's How
Dev.to · APCSS SECURITY 🔐 Cybersecurity ⚡ AI Lesson 1d ago
I Built a Four‑Cloud Security Scanner That Auto‑Fixes Attack Chains – Here's How
🚀 The Problem Cloud security tools like Wiz and Orca are incredibly powerful – but they...
The Hidden Dangers of DMARC p=none: Why It's Undermining Your Email Security (Not Just Deliverability)
Dev.to · Azeem Malik 🔐 Cybersecurity ⚡ AI Lesson 1d ago
The Hidden Dangers of DMARC p=none: Why It's Undermining Your Email Security (Not Just Deliverability)
Understanding DMARC and the 'p=none' Policy DMARC (Domain-based Message Authentication,...
The MCP attack your code review cannot see
Dev.to · Kiell Tampubolon 🔐 Cybersecurity ⚡ AI Lesson 1d ago
The MCP attack your code review cannot see
Here is a line from an MCP manifest that would pass most code reviews: { "name": "search",...
Securing the Amnesiac Cloud: Database-Free Token Auth in Apps Script Web Apps
Dev.to · Hayrullah Kar 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Securing the Amnesiac Cloud: Database-Free Token Auth in Apps Script Web Apps
Stop relying on vulnerable client-side states. Learn how to engineer production-grade session tokens, server-side RBAC, and audit logs using native CacheService
How one line in my log scanner's allowlist was muting alerts I never told it to
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 1d ago
How one line in my log scanner's allowlist was muting alerts I never told it to
threatlens is a log triage cli i've been building. you point it at windows event logs, or syslog, or...
Why Cursor Keeps Hashing Passwords With MD5 (And How to Fix It)
Dev.to · Charles Kern 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Why Cursor Keeps Hashing Passwords With MD5 (And How to Fix It)
TL;DR AI editors still reach for md5/sha1 to hash passwords because that is what a decade...
How I built a zero-knowledge encrypted cloud storage app: the complete crypto architecture
Dev.to · Rajath R 🔐 Cybersecurity ⚡ AI Lesson 1d ago
How I built a zero-knowledge encrypted cloud storage app: the complete crypto architecture
For the past two years I've been building Silvora - a zero-knowledge encrypted cloud storage app -...
The Blind Spot of Every Cloud Config Scanner
Dev.to · Bala Paranj 🔐 Cybersecurity ⚡ AI Lesson 1d ago
The Blind Spot of Every Cloud Config Scanner
Most cloud security tools check settings one at a time. The breaches come from how settings combine. The maintainers of the best open-source scanner have been s
Why HIPAA Doesn't Cover the Health Data Your API Just Pulled
Dev.to · Spicy 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Why HIPAA Doesn't Cover the Health Data Your API Just Pulled
If you're building anything on top of HealthKit, Google Fit, or a direct wearable API integration,...
N Mistakes I Made with HashiCorp Vault and AWS Secrets Manager in 2026
Dev.to · isabelle dubuis 🔐 Cybersecurity ⚡ AI Lesson 1d ago
N Mistakes I Made with HashiCorp Vault and AWS Secrets Manager in 2026
During a recent multi-region rollout, our pipeline stalled for 42 minutes because a Terraform module...
Your PDF tool is storing your files. Here's proof.
Dev.to · Muhammad Arbaz 🔐 Cybersecurity ⚡ AI Lesson 1d ago
Your PDF tool is storing your files. Here's proof.
Upload a file to any random "free" PDF tool online. Then check their privacy policy. Most of them...
Finding Exposed Services (and Fixing Them) with ScanSearch and Python
Dev.to · Billy 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Finding Exposed Services (and Fixing Them) with ScanSearch and Python
Ever wondered what parts of your infrastructure are inadvertently exposed to the internet? Or maybe...
Workflow Series (06): Security — Cross-Step Injection Propagation and Four Defense Principles
Dev.to · WonderLab 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Workflow Series (06): Security — Cross-Step Injection Propagation and Four Defense Principles
Workflow Security vs Skill Security Skill security (Skill Series Article 02) protects a...
I’m a Beginner, and I make an Open Source Ethical Hacking Tool Entirely on My Phone.
Dev.to · Skokoo 🔐 Cybersecurity ⚡ AI Lesson 2d ago
I’m a Beginner, and I make an Open Source Ethical Hacking Tool Entirely on My Phone.
Hey dev community! I don't have a PC yet, so I challenged myself to build an open source ethical...
How I protect Discord webhook URLs from being exposed in frontend code
Dev.to · David | Kordhub 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How I protect Discord webhook URLs from being exposed in frontend code
The Problem If you've ever used Discord webhooks in a frontend app, you've probably done...
Cybersecurity Compliance Services: The Complete Guide
Dev.to · Solzorro IT Services 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Cybersecurity Compliance Services: The Complete Guide
In the modern digital landscape, protecting sensitive data is no longer just an IT preference; it is...
Google Degrades NetNut: 2 Million Home Devices Cut From a Residential Proxy Network
Dev.to · Etairos.ai 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Google Degrades NetNut: 2 Million Home Devices Cut From a Residential Proxy Network
TL;DR what: Google's GTIG, with the FBI, Lumen, and partners, degraded NetNut (tracked...
Waymap v7.2.1: Thread-Safe Results, Hardened Security, and a Dozen Bug Fixes
Dev.to · Trix Cyrus 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Waymap v7.2.1: Thread-Safe Results, Hardened Security, and a Dozen Bug Fixes
Author: Trix Cyrus [🔹 Try My] Waymap Pentesting Tool [🔹 Follow] TrixSec GitHub [🔹 Join] TrixSec...
How to Test OAuth Recovery Emails Without Exposing Real Inboxes
Dev.to · SophiaXS 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How to Test OAuth Recovery Emails Without Exposing Real Inboxes
A practical security guide to validating OAuth recovery emails with isolated inboxes, safer token checks, and less privacy risk.
The x402 payment layer has a state-synchronization gap, and four agent-payment attacks fall out of it
Dev.to · Michael "Mike" K. Saleme 🔐 Cybersecurity ⚡ AI Lesson 2d ago
The x402 payment layer has a state-synchronization gap, and four agent-payment attacks fall out of it
Agent payments crossed from prototype to infrastructure faster than the security work did. The x402...
Critical phpBB Authentication Bypass Allows Instant Account Takeover
Dev.to · BeyondMachines 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Critical phpBB Authentication Bypass Allows Instant Account Takeover
phpBB version 3.3.17 patches a critical authentication bypass (CVE-2026-48611) that allows unauthenticated attackers to take over any account, including adminis
How to Use Snort on Ubuntu Dedicated Servers to Detect SSH Brute-Force Attacks
Dev.to · Nyra Amsi 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How to Use Snort on Ubuntu Dedicated Servers to Detect SSH Brute-Force Attacks
SSH brute-force attacks are among the most common threats targeting Linux dedicated servers....
Cloudflare's Flexible SSL looks secure. It isn't.
Dev.to · Boris Kl 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Cloudflare's Flexible SSL looks secure. It isn't.
A client called: "the site has the padlock, we're done with SSL, right?" Pulled up the Cloudflare...
Password Spray Attacks: How Attackers Exploit Authentication Weaknesses
Dev.to · GuardingPearSoftware 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Password Spray Attacks: How Attackers Exploit Authentication Weaknesses
Password spraying is a type of account takeover (ATO) attack in which cybercriminals test one or a...
Cyber Security Best Practices Every Business Should Follow
Dev.to · sneha work 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Cyber Security Best Practices Every Business Should Follow
Cyber threats are becoming more advanced, making security a top priority for businesses of all sizes....
Day 55 of #100DaysOfClickHouse - Security Best Practices for ClickHouse® Deployments
Dev.to · Kanishga Subramani 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Day 55 of #100DaysOfClickHouse - Security Best Practices for ClickHouse® Deployments
Security Best Practices for ClickHouse® Deployments Introduction As...
Apple Releases Security Updates for 37 Vulnerabilities
Dev.to · BeyondMachines 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Apple Releases Security Updates for 37 Vulnerabilities
Apple released security updates for iOS, macOS, and Safari to fix 37 vulnerabilities, including 26 WebKit flaws.
Top 10 Benefits of Using Professional CST Compliance Services in Saudi Arabia
Dev.to · dubai landpackage 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Top 10 Benefits of Using Professional CST Compliance Services in Saudi Arabia
As Saudi Arabia continues to strengthen its digital economy cybersecurity compliance has become a...
How Dark Web Services Are Reshaping Cognitive Warfare
Dev.to · Adrian Alexandru Stinga 🔐 Cybersecurity ⚡ AI Lesson 2d ago
How Dark Web Services Are Reshaping Cognitive Warfare
It took me a few months to write the articles in Cognitive Warfare articles , The most important...
Developing a Practical, Ethical Web/AppSec Learning Platform for Modern Vulnerabilities and Patterns
Dev.to · Maxim Gerasimov 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Developing a Practical, Ethical Web/AppSec Learning Platform for Modern Vulnerabilities and Patterns
Introduction: The Need for Modern Web/AppSec Training The cybersecurity landscape is...
Hinkal Protocol Hit by $820K Exploit as Attacker Routes Funds Through Tornado Cash
Dev.to · Codego Group 🔐 Cybersecurity ⚡ AI Lesson 2d ago
Hinkal Protocol Hit by $820K Exploit as Attacker Routes Funds Through Tornado Cash
Hinkal Protocol has been allegedly exploited for $820,000, with on-chain data showing stolen funds laundered through Tornado Cash and THORChain.
The Security Liability of Memory Allocation in TEEs: A Design Decision Log
Dev.to · Theo Ezell (webMethodMan) 🔐 Cybersecurity ⚡ AI Lesson 3d ago
The Security Liability of Memory Allocation in TEEs: A Design Decision Log
Memory allocation is not a feature — it is a security liability. In high-assurance Trusted Execution...
SaaS Security Best Practices: Auth, Authorization, and Data Protection
Dev.to · sweet 🔐 Cybersecurity ⚡ AI Lesson 3d ago
SaaS Security Best Practices: Auth, Authorization, and Data Protection
Security is not a feature — it is a property of your entire architecture. This guide covers the...