Tech Skills
Cybersecurity
Ethical hacking, penetration testing, network security, CTFs and defensive security
Skills in this topic
8 skills — Sign in to track your progress
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector

Dev.to · Arashad Dodhiya
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Threat Modeling: The Cybersecurity Skill Nobody Talks About
When people think about cybersecurity, they usually imagine tools, exploits, and...

Dev.to · Nasrul Hazim Bin Mohamad
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
PII Protection in PHP without a framework holding the leash
A pure-PHP toolkit for encrypting, masking, redacting, and tokenizing personal data — built as plain classes with explicit inputs and outputs, so it drops into

Dev.to · Rabah Laouadi
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
14.8 Billion Fuzz
How 14.8 Billion Fuzz Executions Exposed an XOR Invariant Trap in a Rust Kernel Primitive For the...

Dev.to · Mahafuzur Rahaman
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SSH Mastery: The Complete Guide to Secure Remote Access (From Zero to Pro)
SSH isn't just a command — it's the Swiss Army knife of sysadmins, devs, and security pros. In 2026,...

Dev.to · CaraComp
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your VPN Just Stopped Working — And 30 Countries Are Why
The end of anonymous access as we know it For developers in the computer vision and biometrics...
Dev.to · Alexey Leshchenko
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
5 Levels of Telegram Spam Your Anti-Spam Bot Isn't Catching
From plain-text crypto links to LLM-powered neurocommenting — a technical breakdown of Telegram spam evolution and why most moderation bots only detect the firs

Dev.to · Nader Khayyatei
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Elevating Legacy PHP Authentication to Enterprise Standards: A Zero-Trust Approach
A practical case study on transforming a vulnerable PHP login script into an enterprise-ready, OWASP-compliant architecture.

Dev.to · Andrew Gibbs
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
34 malicious packages discovered targeting Solana developers: Steals wallet credentials and SSH keys
Socket Security just published research on TrapDoor malware: 34 malicious packages targeting...

Dev.to · Zeke
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Three ways to gate an MCP server: OAuth, L402, and proof-of-work
Somebody at Sentry filed a bug last month: Cursor Automations started hitting rate-limit errors...

Dev.to · Vincent Olagbemide
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
How 23,000 Repos Got Their Secrets Stolen Through Their Own CI/CD Pipeline
Been thinking about writing this one for a while. Supply chain attacks against CI/CD pipelines have...

Dev.to · soy
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
AI Jailbreaks, WebGL Fingerprinting, & Post-Quantum Crypto Defenses
AI Jailbreaks, WebGL Fingerprinting, & Post-Quantum Crypto Defenses Today's...

Dev.to · Silver_dev
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Trust Boundary Violation in gRPC gateways
Encountered an interesting case about Trust Boundary Violation. Microservices are written in Golang....

Dev.to · Silver_dev
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Trust Boundary Violation in gRPC gateways
Encountered an interesting case about Trust Boundary Violation. Microservices are written in Golang....

Dev.to · Miroslav Thompson
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Ethical considerations of working with Microsoft technologies
I’ve been working as a C# dev since 2010. I was 16 years younger back then, and the "ethical...

Dev.to · Tarek CHEIKH
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your EC2 Instances Are Probably Exposed Right Now
Part 1 of 3 in the EC2 Security Series We’ve all been there. You spin up an EC2 instance. Pick an...

Dev.to · Arashad Dodhiya
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Reconnaissance Is Not Hacking (And That's Why It's So Powerful)
When most people hear the word "cybersecurity," they imagine someone furiously typing commands in a...

Dev.to · Mona
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
10 Important Azure Security Settings That Are Easy to Miss
When learning Azure security, I realized that many important security controls are already available...

Dev.to · Shubham
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Breaking to Build: How CTF and Bug Bounty Hunting Rewires System Design
As software engineers, we are trained to be creators. We stare at a product requirement document, map...

Dev.to · Andrew Kew
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your MCP servers can read your SSH keys. Anthropic just fixed that.
Every MCP server you run locally executes with your full filesystem and network permissions. That...

Dev.to · Olivia Craft
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
CLAUDE.md Security Rules: What to Add Now That Claude Code Reviews Your Code
Claude Code just shipped a built-in security-guidance plugin — a 3-layer review that runs a pattern...

Dev.to · Jorge Cedillo
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found.
Most developers know their dependencies are probably outdated. Few know by how much. I built...

Dev.to · 七品
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Automated Security Audits for Your Codebase Using Claude Code
How to catch OWASP Top 10 vulnerabilities, auth flaws, and dependency risks before they hit production — using a specialized Claude Code security skill.

Dev.to · Ofri Peretz
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Getting Started with eslint-plugin-mongodb-security
How to prevent MongoDB NoSQL injection, operator injection, and hardcoded connection strings with the only ESLint plugin built specifically for MongoDB/Mongoose

Dev.to · Homayoun Mohammadi
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Modern Web Security Attacks Every Developer Must Know (2026 Guide) Clickjacking
Modern websites are not only about beautiful UI and animations security matters too. One of the most...

Dev.to · Eli
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Bluetooth Device Name Triggers Emergency Alert on United 767
A wireless connectivity mishap forces aircraft diversion, raising questions about airline safety protocols in the wireless age.

Dev.to · Stefan
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Detect Prototype Pollution in JavaScript: Code Review Checklist
A practical code review checklist to detect prototype pollution in JavaScript: dangerous patterns, safe fixes, and review questions for reviewers and authors.

Dev.to · Satyam Rastogi
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Dark Reading's 20-Year Anniversary: Security Marketing's Role in Threat Landscape Evolution
Dark Reading's 20-year milestone reveals critical insights into how security journalism influences both attacker intelligence gathering and defender c

Dev.to · Security Cyber
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
🔒 Protecting Cookies with Device Bound Session Credentials
🔒 Protecting Cookies with Device Bound Session Credentials Breaking security news. Here is what you...

Dev.to · Arashad Dodhiya
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
The Castle Analogy: Understanding Attack Surface Through Subdomains
Most beginners think a company's website is just a single website. For example: company.com ...

Dev.to · Mahafuzur Rahaman
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SSH Bastion Hosts and Jump Servers: Architecture, ProxyJump, and Zero-Trust Patterns
Exposing every server directly to the internet is how breaches happen. Here's how to build a...

Dev.to · Tarek CHEIKH
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Build a Free AWS Security Lab on Your Laptop with LocalEmu
Spin up a local AWS, plant deliberately insecure resources, and run real security scanners against...

Dev.to · DevToolsmith
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
NIS2 Directive 2025: What Software Companies Need to Do Now
NIS2 (Network and Information Security Directive 2) came into EU law in October 2024. Unlike GDPR, which targets data protection, NIS2 targets **operational res

Dev.to · ricco020
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Public WiFi in 2026: What's Actually Risky and What Isn't
What WiFi operators actually see on your connections, the 6 documented attacks in 2025-2026, and why HTTPS alone isn't enough.

Dev.to · Shubham Chaudhary
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SOC Analyst's Guide to Security Monitoring and Threat Detection Tools
Security Operations Centers (SOCs) are evolving rapidly as organizations face increasingly...

Dev.to · InboxGreen
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your domain has no DMARC record: what that means for your email
If you run dig TXT _dmarc.yourdomain.com and get nothing back, your domain has no DMARC record. That...

Dev.to · BeyondMachines
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Palo Alto Networks PAN-OS Authentication Bypass Exploited in the Wild
Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access that is being exploited to gain unaut

Dev.to · Destawell
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Introducing Destawell — Mobile-First Security Research & Open-Source Tooling
Introducing Destawell Mobile-First Security Research | AI Red Teaming | Open-Source...

Dev.to · kt
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SPIFFE Compliance Deep Dive
If you run SPIRE, are you SPIFFE compliant? How far do you have to go with a custom implementation? I read the spiffe/spiffe spec end to end and pulled out the

Dev.to · Mahafuzur Rahaman
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SSH Agent Forwarding vs ProxyJump: Why Agent Forwarding Is Dangerous and What to Use Instead
Thousands of tutorials recommend ForwardAgent yes. Most of them don't tell you what it...

Dev.to · Charles Givre
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Detecting Adversary-in-the-Middle (T1557) with Data Science
Detect MITRE ATT&CK T1557 adversary-in-the-middle attacks with Python: LLMNR/NBT-NS poisoning, ARP cache poisoning, and rogue DHCP, using pandas and scapy.

Dev.to · Charles Givre
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Detecting Ingress Tool Transfer (T1105) with Python
How to detect MITRE ATT&CK T1105 ingress tool transfer with Python: LOLBin downloaders, rare process-to-network pairs, and executables on the wire.

Dev.to · Arashad Dodhiya
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Starting My Cybersecurity Learning Journey 🚀
Starting My Cybersecurity Learning Journey 🚀 Hey everyone 👋 I'm Arashad, and this is my...

Dev.to · weiseer
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Bulk-check DNS, SSL and email auth for a whole list of domains (no scraping)
If you've ever had a spreadsheet of domains — a lead list, an acquisition target's footprint, your...

Dev.to · N Suresh
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Pentest Swarm AI Tool With Live Access to Nmap, SQLMap, Burp Suite, and Metasploit: The Ultimate Ethical Hacking Guide
Most security teams already use vulnerability scanners, recon tools, and penetration testing...

Dev.to · Zeke
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Three ways to gate an MCP server: OAuth, L402, and proof-of-work
Somebody at Sentry filed a bug last month: Cursor Automations started hitting rate-limit errors...

Dev.to · TAKUMI SUGATA
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
IDS Is a Fire Alarm, IPS Is a Sprinkler — Understanding Snort from the Ground Up
Introduction While studying for CompTIA Network+, I couldn't understand a relationship...

Dev.to · Blessing James
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Why a Strong Foundation in General Cybersecurity Analysis is Non-Negotiable Before Specializing in Cloud DFIR: Lessons from Day One
Introduction In the rapidly evolving landscape of cybersecurity in 2026, Cloud Digital Forensics and...

Dev.to · Bhavy Yadav
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
What Happens in 2 Milliseconds: Anatomy of a Single HTTP Request Through a Production WAF
The rule engine is not the hard part. Everyone builds a rule engine. The hard part is deciding what...
DeepCamp AI