Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

17,766 lessons
Skills in this topic
Security Basics (beginner): Fix OWASP top 10 vulnerabilities
AI Security (intermediate): Identify and patch prompt injection vulnerabilities
Network Security (intermediate): Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing (intermediate): Conduct a full pen test with Kali Linux
Cloud Security (intermediate): Implement IAM least-privilege policies on AWS/GCP
Incident Response (intermediate): Build an incident response playbook
Security Compliance (intermediate): Map controls for SOC 2 Type II compliance
Defensive AI (advanced): Build an AI-powered log anomaly detector
Why Your Business Website Is a Security Risk: What OpenClaw Found in 500 SMB Audits
Dev.to · AlloTech AI 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Most small business owners don't think they're a target. The data says otherwise. We built OpenClaw...
DNS Rebinding and NXDOMAIN Hijacking: Two Overlooked DNS Attacks
Dev.to · Kishore Bhavnanie 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Most DNS attacks people know about involve changing where a domain points: cache poisoning,...
PASETO vs JWT: A Token Format That Removes the Footguns
Dev.to · Haven Messenger 🔐 Cybersecurity ⚡ AI Lesson 1w ago
JSON Web Tokens are everywhere, and most of their famous vulnerabilities trace back to a single...
The Death of "Code Freeze": Why Autonomous Agents Require Continuous Deterministic Security
Dev.to · Eldor Zufarov 🔐 Cybersecurity ⚡ AI Lesson 1w ago
When your pipeline executes at machine speed, a scheduled security event is already too late For...
🛡️ The Secret Vault: Guarding Your App Like a Jedi with the Force
Dev.to · Timevolt 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The Quest Begins (The "Why") I was building a tiny SaaS dashboard for a friend’s indie...
The Attacker Only Has to Be Right Once
Dev.to · Serguey Asael Shinder 🔐 Cybersecurity ⚡ AI Lesson 1w ago
You have to defend everything. They only have to find one thing. That's the asymmetry. That's the...
The best password database is the one that doesn't exist
Dev.to · Kardix 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Site: https://maotaw.com/ Why I built Kardix as a stateless password generator instead of another...
NIST Password Guidelines 2024: What Every Developer Needs to Know
Dev.to · Snappy Tools 🔐 Cybersecurity ⚡ AI Lesson 1w ago
If you're still telling users to include "at least one uppercase letter, one number, and one special...
Why an Incident Response Retainer Doesn't Guarantee Incident Readiness
Dev.to · Atharv Gupta 🔐 Cybersecurity ⚡ AI Lesson 1w ago
When organizations sign an Incident Response (IR) retainer, there’s this kinda quiet reassurance that...
CVE-2026-53856: CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config Recovery
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config...
Millions Spent on Security Tools. Zero Spent on Asking the Right Questions.
Dev.to · Tilak Upadhyay 🔐 Cybersecurity ⚡ AI Lesson 1w ago
There is a comfortable lie that has taken root in information security domain. It goes like this:...
CVE-2026-53844: CVE-2026-53844: Missing Session Visibility Authorization Bypass in OpenClaw Shared Memory Search
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-53844: Missing Session Visibility Authorization Bypass in OpenClaw Shared Memory...
The Argon2 Dummy Hash: 50 Milliseconds Between Username Enumeration and Peace of Mind
Dev.to · Odilon HUGONNOT 🔐 Cybersecurity ⚡ AI Lesson 1w ago
If your login responds in 1ms for unknown users and 50ms for known ones, you have an oracle. The fix is 3 lines. The trap that breaks it 6 months later is just
Reconciling 8 IP-reputation feeds into one verdict: averaging is the wrong default
Dev.to · szp2005 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Wire more than one IP-reputation source into a risk check and sooner or later they disagree. One feed...
Your tamper-evident log can still be backdated. Here's what closes that.
Dev.to · Sahir 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Most audit trail implementations record timestamps as fields in the log. The agent sets them, or the...
Authentication Patterns for Multi-Tenant Microservices in TRANSCEND
Dev.to · Team Cargoffer 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Learn how TRANSCEND handles service-to-service auth, JWT normalization, and multi-tenant isolation across its microservices architecture.
CVE-2026-53850: CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope Enforcement
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope...
Fix HTTP Parameter Pollution: Spring Boot REST API Code Review
Dev.to · Stefan 🔐 Cybersecurity ⚡ AI Lesson 1w ago
A code review walkthrough for fixing HTTP Parameter Pollution in a Spring Boot REST API, with vulnerable and patched controller examples.
CVE-2026-53849: CVE-2026-53849: Privilege Escalation and Authentication Bypass via Mutable Discord Display Names in OpenClaw allowFrom
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-53849: Privilege Escalation and Authentication Bypass via Mutable Discord Display...
CVE-2026-53858: CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw Vulnerability...
CVE-2026-53865: CVE-2026-53865: Arbitrary Local Command Execution in OpenClaw via Untrusted Search Path
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 1w ago
CVE-2026-53865: Arbitrary Local Command Execution in OpenClaw via Untrusted Search...
Detect VPNs, Proxies, and Bots in Your Web App: A Practical Guide
Dev.to · Husnain Babar 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Every login attempt on your app could be a real user — or a bot running through a residential proxy...
Why Your Security Stack Would Never See It Coming
Dev.to · christopher adams 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Why Your Security Stack Would Never See It Coming by Christopher Adams Imagine a...
The Honour System Running Your Phone's Speaker
Dev.to · Maxi 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Part one of a short series on who actually controls the audio coming out of your Android phone, and...
How a modular arithmetic oversight turned a cryptographic primitive into a no-op — and what we did about it.
Dev.to · g.okc 🔐 Cybersecurity ⚡ AI Lesson 1w ago
The silent bug that made our post-quantum signatures accept everything How a modular...
Most Security+ port questions are secretly asking one thing
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 1w ago
If your SY0-701 study plan includes a stack of 40 port flashcards, I want to save you some time. You...
Supply Chain Malware, CLI Auth Hardening, & GitHub App Security
Dev.to · soy 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Supply Chain Malware, CLI Auth Hardening, & GitHub App Security Today's...
RSAC 2026 Prep: Zero Trust Mandates and the Microsegmentation Imperative
Dev.to · Falcons Edge 🔐 Cybersecurity ⚡ AI Lesson 1w ago
With RSA Conference preparations underway, one topic dominates pre-show conversations: the cascade of...
Network namespaces are the right answer to per-process VPN on Linux
Dev.to · Ambitious Foreman 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Or: how I almost locked myself out of my own EC2 box, and the guard that fixed it. I needed one...
How I Found and Fixed an Open Redirect Vulnerability in My Startup
Dev.to · Tochukwu Nwosa 🔐 Cybersecurity ⚡ AI Lesson 1w ago
While reviewing parts of the MyTreda codebase recently, I came across a security issue that wasn't...
Break Glass Accounts in Azure: Why You Need Them, How to Set Them Up, and What to Do When One Is Used
Dev.to · Florian Lenz 🔐 Cybersecurity ⚡ AI Lesson 1w ago
TL;DR A break glass account is a standalone, cloud-only Global Administrator account in Microsoft...
Non-Root Docker Security: Running AI Agent Wallets as UID 1001
Dev.to · Wallet Guy 🔐 Cybersecurity ⚡ AI Lesson 1w ago
Non-Root Docker Security: Running AI Agent Wallets as UID 1001 Would you trust a third...
The Service That Stored Nothing Sensitive But Still Became High Priority
Dev.to · Victor Gutierrez Areyzaga 🔐 Cybersecurity ⚡ AI Lesson 1w ago
I kept noticing a mismatch between how defenders prioritize assets and how attackers actually move...
Flibustier: Why We Built a Container Security Auditor in Pure Bash
Dev.to · KL3FT3Z 🔐 Cybersecurity ⚡ AI Lesson 1w ago
"A lightweight, zero-dependency container runtime audit toolkit designed for redteam operations. No...
How to make production ready OTP handling system
Dev.to · Tom Brown 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Handling an OTP (One-Time Password) flow requires a clean sequence so you don't run into race...
I built a free IDE extension to catch malicious npm packages before they wreck your project
Dev.to · jomynn 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Supply-chain attacks via npm are up year-over-year — packages like event-stream, the Lazarus group...
Exponential Backoff Lockout: Stopping Brute Force Without Leaking Account Existence
Dev.to · Odilon HUGONNOT 🔐 Cybersecurity ⚡ AI Lesson 2w ago
First N failures are silent, then exponential backoff capped at 15 min. Why the status code must never distinguish locked vs wrong creds, and how to reset prope
How I Almost Let Claude Drop My Production Database — And Built a Safety Net in C#
Dev.to · Hero Tech 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Last month, I did something stupid. I connected Claude Desktop to my company's SQL Server database...
A passing security audit is a timestamp, not a verdict
Dev.to · Truffle 🔐 Cybersecurity ⚡ AI Lesson 2w ago
My CI security audit flipped from green to red with no code change of mine. The advisory database is a live input to your build, so a passing audit dates faster
JetBrains Marketplace Supply Chain Attack: 15 Malicious AI Plugins & API Key Exfiltration
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Security researchers identified 15 malicious JetBrains plugins masquerading as DeepSeek AI assistants. Attack chain harvests API keys, exfiltrates LLM
CSRF: Why Double-Submit Cookie Falls Short for Financial-Grade Security
Dev.to · Odilon HUGONNOT 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Synchronizer token server-side vs double-submit cookie: when the latter fails, why middleware wire-order matters, and how to handle JS non-form requests.
Security vulnerability in the PrestaShop ps_facetedsearch module
Dev.to · AKIM SOUILAH 🔐 Cybersecurity ⚡ AI Lesson 2w ago
🚨 PrestaShop security alert 🛡️ Critical vulnerability in the ps_facetedsearch module: your store...
I stopped trusting curl | sh — so I built a tool that reads the script first
Dev.to · limack0 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Every developer has done it. You hit a README, you see the install command: curl -fsSL...
Deploying Authelia Open-Source Authentication and Authorization Gateway on Ubuntu 24.04
Dev.to · Sanskriti Harmukh 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Authelia is an open-source authentication and authorization gateway that adds SSO, two-factor...
Extending Our Mission With Developer Endpoint Protection
Dev.to · Dwayne McDaniel 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Since day one, our mission at GitGuardian has been clear: prevent accidental secret exposure and...
I added a Claude Code command that runs an OWASP security audit on any file before I ship it
Dev.to · Brandon 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Security reviews happen at the end of projects, when it is too late to change anything without pain....
I pointed capgate at Damn Vulnerable MCP. Here's what it caught — and what it couldn't.
Dev.to · Razu Kc 🔐 Cybersecurity ⚡ AI Lesson 2w ago
A capability-compiler meets ten deliberately-broken MCP servers. The honest scorecard: it cleanly stops one class, contains several, and is useless against anot
Disposable Email vs Real Email vs Aliases: Which Should You Use?
Dev.to · yobox 🔐 Cybersecurity ⚡ AI Lesson 2w ago
If "just use a temp email" or "just use Gmail" felt like sufficient advice in 2015, it doesn't...