Cybersecurity

Ethical hacking, penetration testing, network security, CTFs and defensive security

17,871 lessons
Skills in this topic
Security Basics (beginner): Fix OWASP top 10 vulnerabilities
AI Security (intermediate): Identify and patch prompt injection vulnerabilities
Network Security (intermediate): Configure a firewall with proper inbound/outbound rules
Ethical Hacking & Pen Testing (intermediate): Conduct a full pen test with Kali Linux
Cloud Security (intermediate): Implement IAM least-privilege policies on AWS/GCP
Incident Response (intermediate): Build an incident response playbook
Security Compliance (intermediate): Map controls for SOC 2 Type II compliance
Defensive AI (advanced): Build an AI-powered log anomaly detector
Your tamper-evident log can still be backdated. Here's what closes that.
Dev.to · Sahir 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Most audit trail implementations record timestamps as fields in the log. The agent sets them, or the...
Authentication Patterns for Multi-Tenant Microservices in TRANSCEND
Dev.to · Team Cargoffer 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Learn how TRANSCEND handles service-to-service auth, JWT normalization, and multi-tenant isolation across its microservices architecture.
CVE-2026-53850: CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope Enforcement
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2w ago
CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope...
Fix HTTP Parameter Pollution: Spring Boot REST API Code Review
Dev.to · Stefan 🔐 Cybersecurity ⚡ AI Lesson 2w ago
A code review walkthrough for fixing HTTP Parameter Pollution in a Spring Boot REST API, with vulnerable and patched controller examples.
CVE-2026-53849: CVE-2026-53849: Privilege Escalation and Authentication Bypass via Mutable Discord Display Names in OpenClaw allowFrom
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2w ago
CVE-2026-53849: Privilege Escalation and Authentication Bypass via Mutable Discord Display...
CVE-2026-53858: CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2w ago
CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw Vulnerability...
CVE-2026-53865: CVE-2026-53865: Arbitrary Local Command Execution in OpenClaw via Untrusted Search Path
Dev.to · CVE Reports 🔐 Cybersecurity ⚡ AI Lesson 2w ago
CVE-2026-53865: Arbitrary Local Command Execution in OpenClaw via Untrusted Search...
Detect VPNs, Proxies, and Bots in Your Web App: A Practical Guide
Dev.to · Husnain Babar 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Every login attempt on your app could be a real user — or a bot running through a residential proxy...
Why Your Security Stack Would Never See It Coming
Dev.to · christopher adams 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Why Your Security Stack Would Never See It Coming by Christopher Adams Imagine a...
The Honour System Running Your Phone's Speaker
Dev.to · Maxi 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Part one of a short series on who actually controls the audio coming out of your Android phone, and...
How a modular arithmetic oversight turned a cryptographic primitive into a no-op — and what we did about it.
Dev.to · g.okc 🔐 Cybersecurity ⚡ AI Lesson 2w ago
The silent bug that made our post-quantum signatures accept everything How a modular...
Most Security+ port questions are secretly asking one thing
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 2w ago
If your SY0-701 study plan includes a stack of 40 port flashcards, I want to save you some time. You...
Supply Chain Malware, CLI Auth Hardening, & GitHub App Security
Dev.to · soy 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Supply Chain Malware, CLI Auth Hardening, & GitHub App Security Today's...
RSAC 2026 Prep: Zero Trust Mandates and the Microsegmentation Imperative
Dev.to · Falcons Edge 🔐 Cybersecurity ⚡ AI Lesson 2w ago
With RSA Conference preparations underway, one topic dominates pre-show conversations: the cascade of...
Network namespaces are the right answer to per-process VPN on Linux
Dev.to · Ambitious Foreman 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Or: how I almost locked myself out of my own EC2 box, and the guard that fixed it. I needed one...
How I Found and Fixed an Open Redirect Vulnerability in My Startup
Dev.to · Tochukwu Nwosa 🔐 Cybersecurity ⚡ AI Lesson 2w ago
While reviewing parts of the MyTreda codebase recently, I came across a security issue that wasn't...
Break Glass Accounts in Azure: Why You Need Them, How to Set Them Up, and What to Do When One Is Used
Dev.to · Florian Lenz 🔐 Cybersecurity ⚡ AI Lesson 2w ago
TL;DR A break glass account is a standalone, cloud-only Global Administrator account in Microsoft...
Non-Root Docker Security: Running AI Agent Wallets as UID 1001
Dev.to · Wallet Guy 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Non-Root Docker Security: Running AI Agent Wallets as UID 1001 Would you trust a third...
The Service That Stored Nothing Sensitive But Still Became High Priority
Dev.to · Victor Gutierrez Areyzaga 🔐 Cybersecurity ⚡ AI Lesson 2w ago
I kept noticing a mismatch between how defenders prioritize assets and how attackers actually move...
Flibustier: Why We Built a Container Security Auditor in Pure Bash
Dev.to · KL3FT3Z 🔐 Cybersecurity ⚡ AI Lesson 2w ago
"A lightweight, zero-dependency container runtime audit toolkit designed for redteam operations. No...
How to make production ready OTP handling system
Dev.to · Tom Brown 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Handling an OTP (One-Time Password) flow requires a clean sequence so you don't run into race...
I built a free IDE extension to catch malicious npm packages before they wreck your project
Dev.to · jomynn 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Supply-chain attacks via npm are up year-over-year — packages like event-stream, the Lazarus group...
Exponential Backoff Lockout: Stopping Brute Force Without Leaking Account Existence
Dev.to · Odilon HUGONNOT 🔐 Cybersecurity ⚡ AI Lesson 2w ago
First N failures are silent, then exponential backoff capped at 15 min. Why the status code must never distinguish locked vs wrong creds, and how to reset prope
How I Almost Let Claude Drop My Production Database — And Built a Safety Net in C#
Dev.to · Hero Tech 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Last month, I did something stupid. I connected Claude Desktop to my company's SQL Server database...
A passing security audit is a timestamp, not a verdict
Dev.to · Truffle 🔐 Cybersecurity ⚡ AI Lesson 2w ago
My CI security audit flipped from green to red with no code change of mine. The advisory database is a live input to your build, so a passing audit dates faster
JetBrains Marketplace Supply Chain Attack: 15 Malicious AI Plugins & API Key Exfiltration
Dev.to · Satyam Rastogi 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Security researchers identified 15 malicious JetBrains plugins masquerading as DeepSeek AI assistants. Attack chain harvests API keys, exfiltrates LLM
CSRF: Why Double-Submit Cookie Falls Short for Financial-Grade Security
Dev.to · Odilon HUGONNOT 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Synchronizer token server-side vs double-submit cookie: when the latter fails, why middleware wire-order matters, and how to handle JS non-form requests.
Security vulnerability in the PrestaShop ps_facetedsearch module
Dev.to · AKIM SOUILAH 🔐 Cybersecurity ⚡ AI Lesson 2w ago
🚨 PrestaShop security alert 🛡️ Critical vulnerability in the ps_facetedsearch module: your shop...
I stopped trusting curl | sh — so I built a tool that reads the script first
Dev.to · limack0 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Every developer has done it. You hit a README, you see the install command: curl -fsSL...
Deploying Authelia Open-Source Authentication and Authorization Gateway on Ubuntu 24.04
Dev.to · Sanskriti Harmukh 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Authelia is an open-source authentication and authorization gateway that adds SSO, two-factor...
Extending Our Mission With Developer Endpoint Protection
Dev.to · Dwayne McDaniel 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Since day one, our mission at GitGuardian has been clear: prevent accidental secret exposure and...
I added a Claude Code command that runs an OWASP security audit on any file before I ship it
Dev.to · Brandon 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Security reviews happen at the end of projects, when it is too late to change anything without pain....
I pointed capgate at Damn Vulnerable MCP. Here's what it caught — and what it couldn't.
Dev.to · Razu Kc 🔐 Cybersecurity ⚡ AI Lesson 2w ago
A capability-compiler meets ten deliberately-broken MCP servers. The honest scorecard: it cleanly stops one class, contains several, and is useless against anot
Disposable Email vs Real Email vs Aliases: Which Should You Use?
Dev.to · yobox 🔐 Cybersecurity ⚡ AI Lesson 2w ago
If "just use a temp email" or "just use Gmail" felt like sufficient advice in 2015, it doesn't...
I couldn't test my VM sizing math without spinning up a real VM
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 2w ago
WhonixAutoSetup is a PowerShell project i keep poking at while studying for Security+. it stands up...
How Security+ actually tests access control models (and why memorizing the definitions doesn't save you)
Dev.to · TiltedLunar123 🔐 Cybersecurity ⚡ AI Lesson 2w ago
If you have studied for the SY0-701 exam for more than a week, you can probably recite the four...
How memory safety CVEs differ between Rust and C/C++
Dev.to · Juan Torchia 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Rust has fewer memory CVEs than C/C++, but that's not the whole story. My analysis of what that figure says, what it doesn't say, and how to turn it into a decision t
MCP Authentication: Securing How Agents and Servers Connect
Dev.to · PolicyLayer 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Every MCP server you connect to expects a credential. Stripe wants an API key. A GitHub server wants...
JWKS explained: what every developer should know
Dev.to · Jérôme LELEU 🔐 Cybersecurity ⚡ AI Lesson 2w ago
When it comes to security, certificates are used everywhere since the early days of the web. While...
The Hidden ROI of Cloud Security Hygiene
Dev.to · Jon Rose 🔐 Cybersecurity ⚡ AI Lesson 2w ago
We regularly find $5,000 to $10,000 per month in abandoned infrastructure during our first few weeks...
Lattice-Based Cryptography: The Math Behind Post-Quantum Security
Dev.to · Haven Messenger 🔐 Cybersecurity ⚡ AI Lesson 2w ago
When NIST chose the algorithms meant to protect the internet from quantum computers, most of the...
WAF (Web Application Firewall) Rules and Evasion
Dev.to · Aviral Srivastava 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Alright, buckle up, digital adventurers! We're about to dive deep into the fascinating, and sometimes...
An EU E2B alternative: agent sandboxes that stay in the EU
Dev.to · Stefan Iancu 🔐 Cybersecurity ⚡ AI Lesson 2w ago
If you're shopping for an E2B alternative, you've probably already decided that running...
AES-256-GCM Encryption in Rust — Securing Local App Data
Dev.to · hiyoyo 🔐 Cybersecurity ⚡ AI Lesson 2w ago
All tests run on an 8-year-old MacBook Air. All results from shipping 7 Mac apps as a solo developer....
Introducing Security Profiles for Container Permission Management
Dev.to · Matsuoka Seiji 🔐 Cybersecurity ⚡ AI Lesson 2w ago
Introduction In this article, I want to introduce Security Profiles, a feature I added to...
Why Most Phishing Detection Tools Fail Non-Technical Users
Dev.to · Alex 🔐 Cybersecurity ⚡ AI Lesson 2w ago
A few months ago, I noticed something interesting. Most phishing detection tools are built for...
Multi-Audience mTLS: 3 SNI Hosts, 1 Listener, and Session Cert Binding Against Cookie Theft
Dev.to · Odilon HUGONNOT 🔐 Cybersecurity ⚡ AI Lesson 2w ago
A single TLS port serving three hosts via SNI with different ClientAuth levels. Plus the session cert binding pattern to block cookie replay attacks.
Baiting the Hook: Anatomy of a DPRK Cyberattack Trailed to My Inbox
Dev.to · 0xkniraj 🔐 Cybersecurity ⚡ AI Lesson 2w ago
It came in through my own contact form, which is part of why it worked. Not a LinkedIn cold-open, not...