Tech Skills
Cybersecurity
Ethical hacking, penetration testing, network security, CTFs and defensive security
Skills in this topic
8 skills — Sign in to track your progress
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector

Dev.to · Andrew Kew
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your MCP servers can read your SSH keys. Anthropic just fixed that.
Every MCP server you run locally executes with your full filesystem and network permissions. That...

Dev.to · Olivia Craft
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
CLAUDE.md Security Rules: What to Add Now That Claude Code Reviews Your Code
Claude Code just shipped a built-in security-guidance plugin — a 3-layer review that runs a pattern...

Dev.to · Jorge Cedillo
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found.
Most developers know their dependencies are probably outdated. Few know by how much. I built...

Dev.to · 七品
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Automated Security Audits for Your Codebase Using Claude Code
How to catch OWASP Top 10 vulnerabilities, auth flaws, and dependency risks before they hit production — using a specialized Claude Code security skill.

Dev.to · Ofri Peretz
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Getting Started with eslint-plugin-mongodb-security
How to prevent MongoDB NoSQL injection, operator injection, and hardcoded connection strings with the only ESLint plugin built specifically for MongoDB/Mongoose

Dev.to · Homayoun Mohammadi
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Modern Web Security Attacks Every Developer Must Know (2026 Guide) Clickjacking
Modern websites are not only about beautiful UI and animations security matters too. One of the most...

Dev.to · Eli
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Bluetooth Device Name Triggers Emergency Alert on United 767
A wireless connectivity mishap forces aircraft diversion, raising questions about airline safety protocols in the wireless age.

Dev.to · Stefan
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Detect Prototype Pollution in JavaScript: Code Review Checklist
A practical code review checklist to detect prototype pollution in JavaScript: dangerous patterns, safe fixes, and review questions for reviewers and authors.

Dev.to · Satyam Rastogi
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Dark Reading's 20-Year Anniversary: Security Marketing's Role in Threat Landscape Evolution
Dark Reading's 20-year milestone reveals critical insights into how security journalism influences both attacker intelligence gathering and defender c

Dev.to · Security Cyber
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
🔒 Protecting Cookies with Device Bound Session Credentials
🔒 Protecting Cookies with Device Bound Session Credentials Breaking security news. Here is what you...

Dev.to · Arashad Dodhiya
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
The Castle Analogy: Understanding Attack Surface Through Subdomains
Most beginners think a company's website is just a single website. For example: company.com ...

Dev.to · Mahafuzur Rahaman
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SSH Bastion Hosts and Jump Servers: Architecture, ProxyJump, and Zero-Trust Patterns
Exposing every server directly to the internet is how breaches happen. Here's how to build a...

Dev.to · Tarek CHEIKH
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Build a Free AWS Security Lab on Your Laptop with LocalEmu
Spin up a local AWS, plant deliberately insecure resources, and run real security scanners against...

Dev.to · DevToolsmith
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
NIS2 Directive 2025: What Software Companies Need to Do Now
NIS2 (Network and Information Security Directive 2) came into EU law in October 2024. Unlike GDPR, which targets data protection, NIS2 targets **operational res

Dev.to · ricco020
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Public WiFi in 2026: What's Actually Risky and What Isn't
What WiFi operators actually see on your connections, the 6 documented attacks in 2025-2026, and why HTTPS alone isn't enough.

Dev.to · Shubham Chaudhary
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SOC Analyst's Guide to Security Monitoring and Threat Detection Tools
Security Operations Centers (SOCs) are evolving rapidly as organizations face increasingly...

Dev.to · InboxGreen
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your domain has no DMARC record: what that means for your email
If you run dig TXT _dmarc.yourdomain.com and get nothing back, your domain has no DMARC record. That...

Dev.to · BeyondMachines
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Palo Alto Networks PAN-OS Authentication Bypass Exploited in the Wild
Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access that is being exploited to gain unaut

Dev.to · Destawell
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Introducing Destawell — Mobile-First Security Research & Open-Source Tooling
Introducing Destawell Mobile-First Security Research | AI Red Teaming | Open-Source...

Dev.to · kt
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SPIFFE Compliance Deep Dive
If you run SPIRE, are you SPIFFE compliant? How far do you have to go with a custom implementation? I read the spiffe/spiffe spec end to end and pulled out the

Dev.to · Mahafuzur Rahaman
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
SSH Agent Forwarding vs ProxyJump: Why Agent Forwarding Is Dangerous and What to Use Instead
Thousands of tutorials recommend ForwardAgent yes. Most of them don't tell you what it...

Dev.to · Charles Givre
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Detecting Adversary-in-the-Middle (T1557) with Data Science
Detect MITRE ATT&CK T1557 adversary-in-the-middle attacks with Python: LLMNR/NBT-NS poisoning, ARP cache poisoning, and rogue DHCP, using pandas and scapy.

Dev.to · Charles Givre
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Detecting Ingress Tool Transfer (T1105) with Python
How to detect MITRE ATT&CK T1105 ingress tool transfer with Python: LOLBin downloaders, rare process-to-network pairs, and executables on the wire.

Dev.to · Arashad Dodhiya
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Starting My Cybersecurity Learning Journey 🚀
Starting My Cybersecurity Learning Journey 🚀 Hey everyone 👋 I'm Arashad, and this is my...

Dev.to · weiseer
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Bulk-check DNS, SSL and email auth for a whole list of domains (no scraping)
If you've ever had a spreadsheet of domains — a lead list, an acquisition target's footprint, your...

Dev.to · N Suresh
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Pentest Swarm AI Tool With Live Access to Nmap, SQLMap, Burp Suite, and Metasploit: The Ultimate Ethical Hacking Guide
Most security teams already use vulnerability scanners, recon tools, and penetration testing...

Dev.to · Zeke
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Three ways to gate an MCP server: OAuth, L402, and proof-of-work
Somebody at Sentry filed a bug last month: Cursor Automations started hitting rate-limit errors...

Dev.to · TAKUMI SUGATA
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
IDS Is a Fire Alarm, IPS Is a Sprinkler — Understanding Snort from the Ground Up
Introduction While studying for CompTIA Network+, I couldn't understand a relationship...

Dev.to · Blessing James
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Why a Strong Foundation in General Cybersecurity Analysis is Non-Negotiable Before Specializing in Cloud DFIR: Lessons from Day One
Introduction In the rapidly evolving landscape of cybersecurity in 2026, Cloud Digital Forensics and...

Dev.to · Bhavy Yadav
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
What Happens in 2 Milliseconds: Anatomy of a Single HTTP Request Through a Production WAF
The rule engine is not the hard part. Everyone builds a rule engine. The hard part is deciding what...

Dev.to · Antonio Lopez
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Building a Cloud SIEM from Scratch with AWS Lambda and EventBridge
How I built a real-time serverless security detection pipeline on AWS using CloudTrail, EventBridge,...

Dev.to · Regő Botond Ronyecz
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
How to Test Your SPF Record for Common Mistakes (Step by Step)
Your SPF record looks correct. You added the include values your email provider told you to add. You...

Dev.to · Johan Tovar
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Tu navegador te conoce mejor de lo que crees: privacidad en 2026
El modo incógnito no te hace invisible. Borrar el historial tampoco. Lo único que hace el modo...

Dev.to · Zeke
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Someone wrote a fake EULA into Bitcoin. Two hours later they revoked it.
On May 30, 2026, an OP_RETURN inscription claimed federal law enforcement could search anyone who downloaded the block. Six blocks later, the author published a

Dev.to · mergeguard
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
We shipped OSV + Trivy inside GitHub/GitLab PR reviews—no extra CI YAML
We just shipped a security release on MergeGuard: OSV (npm lockfile advisories) and Trivy (filesystem...
Dev.to · Lisa Zulu
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Treasure Hunt Engine: Why One Bad Prometheus Rule Sank the Whole Veltrix Event
The Problem We Were Actually Solving Our real goal wasnt fancy LLM prompts or real-time...

Dev.to · ricco020
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Test a DNS Leak in 2 Minutes: Complete Methodology + Per-OS Fixes (2026)
Complete methodology to detect DNS leaks on your VPN in 2 minutes — including Windows SMHNR, IPv6, and browser-DoH causes. Per-OS fix guide.

Dev.to · Olawale Afuye
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Cryptographic Failures: The Silent Killer in Your Codebase (OWASP #2)
You ship a feature. Tests pass. Deployment goes smooth. Everyone's happy. Meanwhile, somewhere in...

Dev.to · Habeeb Salami
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
I scanned my side projects for vulnerabilities. It was humbling.
I ship small apps fast. Some of them I build mostly with AI tools. And every time I deployed one, the...

Dev.to · Rençber AKMAN
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Stage 0.5 — Programming Fundamentals
From Zero to Cybersecurity Professional | Complete Roadmap Series Series: Cybersecurity ×...

Dev.to · Dipta
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
CSRF, and the cookie flag
<form action="https://bank.com/transfer" method="POST"> <input name="to"...

Dev.to · Jer Catallo
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Cookie Tampering: How Attackers Modify Cookies to Break Into Web Apps (And How You Can Prevent It)
Cookies are a common way for web apps to remember who you are and what you can access. The server...

Dev.to · HelixCipher
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Your Printer Might Be Leaving a Fingerprint on Every Page
A 2018 open-access paper in the Egyptian Journal of Forensic Sciences shows how yellow tracking dots...

Dev.to · Rizwan Saleem
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
How to secure your web application — a practical guide for developers
How to secure your web application — a practical guide for developers Focused web...

Dev.to · Vedant Kulkarni
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
CTF Writeup: Autorev 1 — picoCTF
1. Executive Summary Field Detail Challenge Name Autorev...

Dev.to · Kento IKEDA
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
"Reinstalling Won't Fix It": A Cross-App Shared-Auth Deadlock After Switching Phones
After migrating to a new Android phone, a few specific apps stopped launching. Amazon Shopping and...

Dev.to · weiseer
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
I scanned 200 popular MCP server packages. Here is what I found.
Open-source supply-chain trust gate for MCP servers, validated on 200 packages. 3 BLOCK findings including 1 hardcoded LLM API key. 6 'official' servers abandon

Dev.to · Cyber Defentech
🔐 Cybersecurity
⚡ AI Lesson
1mo ago
Best Cyber Security Course in Delhi 2026: Fees, Syllabus & Career Roadmap
A practical guide for students choosing cyber security training in Delhi with CEH, VAPT, SOC, cloud security and placement support.
DeepCamp AI