Tech Skills

Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

18,002
lessons
Skills in this topic
View full skill map →
Security Basics
beginner
Fix OWASP top 10 vulnerabilities
AI Security
intermediate
Identify and patch prompt injection vulnerabilities
Network Security
intermediate
Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing
intermediate
Conduct a full pen test with Kali Linux
Cloud Security
intermediate
Implement IAM least-privilege policies on AWS/GCP
Incident Response
intermediate
Build an incident response playbook
Security Compliance
intermediate
Map controls for SOC 2 Type II compliance
Defensive AI
advanced
Build an AI-powered log anomaly detector
All Reads (11,092) Articles (5501)Blog Posts (4306)Tutorials (409)Research Papers (34)News (842)
Your MCP servers can read your SSH keys. Anthropic just fixed that.
Dev.to · Andrew Kew 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Your MCP servers can read your SSH keys. Anthropic just fixed that.
Every MCP server you run locally executes with your full filesystem and network permissions. That...
CLAUDE.md Security Rules: What to Add Now That Claude Code Reviews Your Code
Dev.to · Olivia Craft 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
CLAUDE.md Security Rules: What to Add Now That Claude Code Reviews Your Code
Claude Code just shipped a built-in security-guidance plugin — a 3-layer review that runs a pattern...
I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found.
Dev.to · Jorge Cedillo 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found.
Most developers know their dependencies are probably outdated. Few know by how much. I built...
Automated Security Audits for Your Codebase Using Claude Code
Dev.to · 七品 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Automated Security Audits for Your Codebase Using Claude Code
How to catch OWASP Top 10 vulnerabilities, auth flaws, and dependency risks before they hit production — using a specialized Claude Code security skill.
Getting Started with eslint-plugin-mongodb-security
Dev.to · Ofri Peretz 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Getting Started with eslint-plugin-mongodb-security
How to prevent MongoDB NoSQL injection, operator injection, and hardcoded connection strings with the only ESLint plugin built specifically for MongoDB/Mongoose
Modern Web Security Attacks Every Developer Must Know (2026 Guide) Clickjacking
Dev.to · Homayoun Mohammadi 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Modern Web Security Attacks Every Developer Must Know (2026 Guide) Clickjacking
Modern websites are not only about beautiful UI and animations security matters too. One of the most...
Bluetooth Device Name Triggers Emergency Alert on United 767
Dev.to · Eli 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Bluetooth Device Name Triggers Emergency Alert on United 767
A wireless connectivity mishap forces aircraft diversion, raising questions about airline safety protocols in the wireless age.
Detect Prototype Pollution in JavaScript: Code Review Checklist
Dev.to · Stefan 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Detect Prototype Pollution in JavaScript: Code Review Checklist
A practical code review checklist to detect prototype pollution in JavaScript: dangerous patterns, safe fixes, and review questions for reviewers and authors.
Dark Reading's 20-Year Anniversary: Security Marketing's Role in Threat Landscape Evolution
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Dark Reading's 20-Year Anniversary: Security Marketing's Role in Threat Landscape Evolution
Dark Reading's 20-year milestone reveals critical insights into how security journalism influences both attacker intelligence gathering and defender c
🔒 Protecting Cookies with Device Bound Session Credentials
Dev.to · Security Cyber 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
🔒 Protecting Cookies with Device Bound Session Credentials
🔒 Protecting Cookies with Device Bound Session Credentials Breaking security news. Here is what you...
The Castle Analogy: Understanding Attack Surface Through Subdomains
Dev.to · Arashad Dodhiya 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
The Castle Analogy: Understanding Attack Surface Through Subdomains
Most beginners think a company's website is just a single website. For example: company.com ...
SSH Bastion Hosts and Jump Servers: Architecture, ProxyJump, and Zero-Trust Patterns
Dev.to · Mahafuzur Rahaman 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
SSH Bastion Hosts and Jump Servers: Architecture, ProxyJump, and Zero-Trust Patterns
Exposing every server directly to the internet is how breaches happen. Here's how to build a...
Build a Free AWS Security Lab on Your Laptop with LocalEmu
Dev.to · Tarek CHEIKH 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Build a Free AWS Security Lab on Your Laptop with LocalEmu
Spin up a local AWS, plant deliberately insecure resources, and run real security scanners against...
NIS2 Directive 2025: What Software Companies Need to Do Now
Dev.to · DevToolsmith 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
NIS2 Directive 2025: What Software Companies Need to Do Now
NIS2 (Network and Information Security Directive 2) came into EU law in October 2024. Unlike GDPR, which targets data protection, NIS2 targets **operational res
Public WiFi in 2026: What's Actually Risky and What Isn't
Dev.to · ricco020 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Public WiFi in 2026: What's Actually Risky and What Isn't
What WiFi operators actually see on your connections, the 6 documented attacks in 2025-2026, and why HTTPS alone isn't enough.
SOC Analyst's Guide to Security Monitoring and Threat Detection Tools
Dev.to · Shubham Chaudhary 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
SOC Analyst's Guide to Security Monitoring and Threat Detection Tools
Security Operations Centers (SOCs) are evolving rapidly as organizations face increasingly...
Your domain has no DMARC record: what that means for your email
Dev.to · InboxGreen 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Your domain has no DMARC record: what that means for your email
If you run dig TXT _dmarc.yourdomain.com and get nothing back, your domain has no DMARC record. That...
Palo Alto Networks PAN-OS Authentication Bypass Exploited in the Wild
Dev.to · BeyondMachines 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Palo Alto Networks PAN-OS Authentication Bypass Exploited in the Wild
Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access that is being exploited to gain unaut
Introducing Destawell — Mobile-First Security Research & Open-Source Tooling
Dev.to · Destawell 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Introducing Destawell — Mobile-First Security Research & Open-Source Tooling
Introducing Destawell Mobile-First Security Research | AI Red Teaming | Open-Source...
SPIFFE Compliance Deep Dive
Dev.to · kt 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
SPIFFE Compliance Deep Dive
If you run SPIRE, are you SPIFFE compliant? How far do you have to go with a custom implementation? I read the spiffe/spiffe spec end to end and pulled out the
SSH Agent Forwarding vs ProxyJump: Why Agent Forwarding Is Dangerous and What to Use Instead
Dev.to · Mahafuzur Rahaman 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
SSH Agent Forwarding vs ProxyJump: Why Agent Forwarding Is Dangerous and What to Use Instead
Thousands of tutorials recommend ForwardAgent yes. Most of them don't tell you what it...
Detecting Adversary-in-the-Middle (T1557) with Data Science
Dev.to · Charles Givre 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Detecting Adversary-in-the-Middle (T1557) with Data Science
Detect MITRE ATT&CK T1557 adversary-in-the-middle attacks with Python: LLMNR/NBT-NS poisoning, ARP cache poisoning, and rogue DHCP, using pandas and scapy.
Detecting Ingress Tool Transfer (T1105) with Python
Dev.to · Charles Givre 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Detecting Ingress Tool Transfer (T1105) with Python
How to detect MITRE ATT&CK T1105 ingress tool transfer with Python: LOLBin downloaders, rare process-to-network pairs, and executables on the wire.
Starting My Cybersecurity Learning Journey 🚀
Dev.to · Arashad Dodhiya 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Starting My Cybersecurity Learning Journey 🚀
Starting My Cybersecurity Learning Journey 🚀 Hey everyone 👋 I'm Arashad, and this is my...
Bulk-check DNS, SSL and email auth for a whole list of domains (no scraping)
Dev.to · weiseer 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Bulk-check DNS, SSL and email auth for a whole list of domains (no scraping)
If you've ever had a spreadsheet of domains — a lead list, an acquisition target's footprint, your...
Pentest Swarm AI Tool With Live Access to Nmap, SQLMap, Burp Suite, and Metasploit: The Ultimate Ethical Hacking Guide
Dev.to · N Suresh 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Pentest Swarm AI Tool With Live Access to Nmap, SQLMap, Burp Suite, and Metasploit: The Ultimate Ethical Hacking Guide
Most security teams already use vulnerability scanners, recon tools, and penetration testing...
Three ways to gate an MCP server: OAuth, L402, and proof-of-work
Dev.to · Zeke 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Three ways to gate an MCP server: OAuth, L402, and proof-of-work
Somebody at Sentry filed a bug last month: Cursor Automations started hitting rate-limit errors...
IDS Is a Fire Alarm, IPS Is a Sprinkler — Understanding Snort from the Ground Up
Dev.to · TAKUMI SUGATA 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
IDS Is a Fire Alarm, IPS Is a Sprinkler — Understanding Snort from the Ground Up
Introduction While studying for CompTIA Network+, I couldn't understand a relationship...
Why a Strong Foundation in General Cybersecurity Analysis is Non-Negotiable Before Specializing in Cloud DFIR: Lessons from Day One
Dev.to · Blessing James 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Why a Strong Foundation in General Cybersecurity Analysis is Non-Negotiable Before Specializing in Cloud DFIR: Lessons from Day One
Introduction In the rapidly evolving landscape of cybersecurity in 2026, Cloud Digital Forensics and...
What Happens in 2 Milliseconds: Anatomy of a Single HTTP Request Through a Production WAF
Dev.to · Bhavy Yadav 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
What Happens in 2 Milliseconds: Anatomy of a Single HTTP Request Through a Production WAF
The rule engine is not the hard part. Everyone builds a rule engine. The hard part is deciding what...
Building a Cloud SIEM from Scratch with AWS Lambda and EventBridge
Dev.to · Antonio Lopez 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Building a Cloud SIEM from Scratch with AWS Lambda and EventBridge
How I built a real-time serverless security detection pipeline on AWS using CloudTrail, EventBridge,...
How to Test Your SPF Record for Common Mistakes (Step by Step)
Dev.to · Regő Botond Ronyecz 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
How to Test Your SPF Record for Common Mistakes (Step by Step)
Your SPF record looks correct. You added the include values your email provider told you to add. You...
Tu navegador te conoce mejor de lo que crees: privacidad en 2026
Dev.to · Johan Tovar 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Tu navegador te conoce mejor de lo que crees: privacidad en 2026
El modo incógnito no te hace invisible. Borrar el historial tampoco. Lo único que hace el modo...
Someone wrote a fake EULA into Bitcoin. Two hours later they revoked it.
Dev.to · Zeke 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Someone wrote a fake EULA into Bitcoin. Two hours later they revoked it.
On May 30, 2026, an OP_RETURN inscription claimed federal law enforcement could search anyone who downloaded the block. Six blocks later, the author published a
We shipped OSV + Trivy inside GitHub/GitLab PR reviews—no extra CI YAML
Dev.to · mergeguard 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
We shipped OSV + Trivy inside GitHub/GitLab PR reviews—no extra CI YAML
We just shipped a security release on MergeGuard: OSV (npm lockfile advisories) and Trivy (filesystem...
Treasure Hunt Engine: Why One Bad Prometheus Rule Sank the Whole Veltrix Event
Dev.to · Lisa Zulu 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Treasure Hunt Engine: Why One Bad Prometheus Rule Sank the Whole Veltrix Event
The Problem We Were Actually Solving Our real goal wasnt fancy LLM prompts or real-time...
Test a DNS Leak in 2 Minutes: Complete Methodology + Per-OS Fixes (2026)
Dev.to · ricco020 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Test a DNS Leak in 2 Minutes: Complete Methodology + Per-OS Fixes (2026)
Complete methodology to detect DNS leaks on your VPN in 2 minutes — including Windows SMHNR, IPv6, and browser-DoH causes. Per-OS fix guide.
Cryptographic Failures: The Silent Killer in Your Codebase (OWASP #2)
Dev.to · Olawale Afuye 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Cryptographic Failures: The Silent Killer in Your Codebase (OWASP #2)
You ship a feature. Tests pass. Deployment goes smooth. Everyone's happy. Meanwhile, somewhere in...
I scanned my side projects for vulnerabilities. It was humbling.
Dev.to · Habeeb Salami 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
I scanned my side projects for vulnerabilities. It was humbling.
I ship small apps fast. Some of them I build mostly with AI tools. And every time I deployed one, the...
Stage 0.5 — Programming Fundamentals
Dev.to · Rençber AKMAN 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Stage 0.5 — Programming Fundamentals
From Zero to Cybersecurity Professional | Complete Roadmap Series Series: Cybersecurity ×...
CSRF, and the cookie flag
Dev.to · Dipta 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
CSRF, and the cookie flag
<form action="https://bank.com/transfer" method="POST"> <input name="to"...
Cookie Tampering: How Attackers Modify Cookies to Break Into Web Apps (And How You Can Prevent It)
Dev.to · Jer Catallo 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Cookie Tampering: How Attackers Modify Cookies to Break Into Web Apps (And How You Can Prevent It)
Cookies are a common way for web apps to remember who you are and what you can access. The server...
Your Printer Might Be Leaving a Fingerprint on Every Page
Dev.to · HelixCipher 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Your Printer Might Be Leaving a Fingerprint on Every Page
A 2018 open-access paper in the Egyptian Journal of Forensic Sciences shows how yellow tracking dots...
How to secure your web application — a practical guide for developers
Dev.to · Rizwan Saleem 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
How to secure your web application — a practical guide for developers
How to secure your web application — a practical guide for developers Focused web...
CTF Writeup: Autorev 1 — picoCTF
Dev.to · Vedant Kulkarni 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
CTF Writeup: Autorev 1 — picoCTF
1. Executive Summary Field Detail Challenge Name Autorev...
"Reinstalling Won't Fix It": A Cross-App Shared-Auth Deadlock After Switching Phones
Dev.to · Kento IKEDA 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
"Reinstalling Won't Fix It": A Cross-App Shared-Auth Deadlock After Switching Phones
After migrating to a new Android phone, a few specific apps stopped launching. Amazon Shopping and...
I scanned 200 popular MCP server packages. Here is what I found.
Dev.to · weiseer 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
I scanned 200 popular MCP server packages. Here is what I found.
Open-source supply-chain trust gate for MCP servers, validated on 200 packages. 3 BLOCK findings including 1 hardcoded LLM API key. 6 'official' servers abandon
Best Cyber Security Course in Delhi 2026: Fees, Syllabus & Career Roadmap
Dev.to · Cyber Defentech 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
Best Cyber Security Course in Delhi 2026: Fees, Syllabus & Career Roadmap
A practical guide for students choosing cyber security training in Delhi with CEH, VAPT, SOC, cloud security and placement support.