Skip to content
This repository has been archived by the owner on Aug 11, 2023. It is now read-only.

Latest commit

 

History

History
102 lines (92 loc) · 2.64 KB

README.md

File metadata and controls

102 lines (92 loc) · 2.64 KB

Disclaimer: My specialty is not security. Entities, Links and keywords are gathered to get a general knowledge about the need of this field. This content is for learning purposes only. Any of these items may be wrong or miscategorized.

Security 20

Security Domains

  • Data Security
  • System Security
  • Network Security
  • Access Control
    • Authentication
    • Authorization
  • Risk Management
  • Application Security
    • Application Security Fundamentals
  • Authentication and Security Protocols
  • Cryptography
  • Incident response
  • Offensive testing
    • Port Scanning
    • Vulnerability Scans
    • Penetration Testing
  • Security Systems (UNCATEGORIZED)
    • Intrusion detection
    • Content filtering
    • Privilege Access Management (PAM)
    • Data Loss Prevention (DLP)
    • Digital forensics
    • Firewalls
      • Web Application Firewall (WAF)
    • Anti-virus
    • Authentication systems (SSO, OAuth, Multi Factor Authentication (MFA), ...)
    • Log management
    • Cloud Access Security Broker (CASB)
  • Disaster Recovery Planning

Security Tools, Frameworks

[REMOVED FROM THIS VERSION]

Attacks and TTPS (Tactics, Techniques, and Procedures)

[REMOVED FROM THIS VERSION]

Degrees ??

  • CISSP
  • CSSLP
  • OSCP
  • GPEN
  • GIAC
  • Security+

Uncategorized Keywords

  • Cloud Security ??
  • SaaS, PaaS, ...
  • Cryptographic Systems -> SGX, SEV ??
  • Cyber Threat Intelligence ??
  • Security Orchestration ??
  • Threat modeling ??
  • Vulnerability assessments ??
  • [REMOVED FROM THIS VERSION]
  • PKI, TPM ??
  • CTF competitions, CVE research, Bug Bounty ??
  • SCCM ??, WSUS ??
  • DISA ??, STIG ??

Needed Qualifications, Skills

  • API Testing
  • Problem Solving
  • Troubleshooting, Debugging
  • Strong experience as a Developer
  • Knowledge of
    • Network Concepts
    • Server technologies
    • Web Services, Service Oriented Architectures
    • Secure coding practices
    • Common security vulnerabilities
    • Working with different Operating systems
    • IDE, build tools, source control, system administration.
    • Cloud service providers (AWS, GCP, Azure)
    • Data structures, algorithms, object-oriented, design patterns.
    • Linux
    • Performance/scale considerations.
    • CommandLine, Shell, Shell-Script, PowerShell, Bash
    • TLS/SSL, DDoS
    • DevOps best practices
    • CI tools like Circle CI, Jenkins, Team City
    • Windows (Active Directory) and Linux auth systems (LDAP)
    • TDD

List of Vulnerabilities

  • CVE
  • OWASP
  • Whitehat List

Tasks

  • Identify 3rd-Party dependency vulnerabilities

Langs

  • C, C++, Perl, Scala, JS, Python, Node, Java, Go, Ruby, ...

Other

  • SQL, Redis, Hive, Spark, Kubernetes, K8s, Docker, Kafka, ZeroMQ, NSQ, ...
  • JSON, gRPC
  • JWT, JWE, OpenID, ...
  • Splunk