Introduction to OWASP DKTE & How to get started in CyberSecurity by Anubhav Singh

Anubhav Singh

August 17, 2021

Transcript

  1. Introduction to OWASP DKTE & How to get started in CyberSecurity ~ Anubhav Singh @owaspdkte
  2. Overview
    • Brief overview of OWASP
    • How to get started in cyber security
    • Fundamentals of cyber security
    • Types of hackers
    • Security teams in the corporate world
    • Path for beginners
    • Career path
    • Certifications
    • Resources
  3. What is OWASP?
    The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
    • Tools and Resources
    • Community and Networking
    • Education & Training
  4. OWASP DKTE Chapter
    This is the official page of the OWASP DKTE chapter on owasp.org. You can go there to learn more about it.
    OWASP DKTE: https://owasp.org/www-chapter-dkte-soc-textile-and-engineering-institute/
    Meet-up link: https://www.meetup.com/owasp-dkte-societys-textile-and-engineering-institute/
  5. Getting started in Cyber Security
    Cyber Security is a huge domain, and when you say "Cyber Security" it is often not clear which area you are actually asking about. It can mean that you want to be a bug bounty hunter, a blue teamer, or a cyber forensics guy, or maybe you are not sure yet either.
  6. FUNDAMENTALS OF CYBER SECURITY
    • Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
    • In modern English, the term hacking can take on several different meanings depending on the context.
    • As a matter of general use, the word typically refers to the act of exploiting computer security vulnerabilities to gain unauthorized access to a system.
    • However, with the emergence of cybersecurity as a major industry, computer hacking is no longer exclusively a criminal activity and is often performed by certified professionals who have been specifically requested to assess a computer system’s vulnerabilities by testing various methods of penetration.
  7. THE “HATS” OF HACKING
    • Black Hat: A black hat hacker is the one who is unambiguously attempting to subvert the security of a computer system or information network knowingly against the will of its owner.
    • Gray Hat: The term gray hat is a bit less concrete in its notion of the hacker’s ethics. Gray hats will hack for the express purpose of strengthening a system that they use or enjoy to prevent any future subversion by actors with more malicious intent.
    • White Hat: A white hat hacker has been specifically authorized by the owner or custodian of a target system to discover and test its vulnerabilities. This is known as penetration testing. Ex: Security researcher, red teamers
  8. Path for Beginner
    1. Be familiar with basic computer concepts.
    2. Learn about computer networks.
    3. Learn basic concepts of Linux.
    4. Learn at least one language (most likely Python).
    5. Start playing CTFs (capture the flag).
    6. Learn how to google.
    “Roses are red, violets are blue, if you don’t want to learn how to google, hacking isn’t for you :) ”
  9. Careers in Cyber Security
    • THREAT HUNTER
    • RED TEAMER
    • DIGITAL FORENSIC ANALYST
    • PURPLE TEAMER
    • MALWARE ANALYST
    • CHIEF INFORMATION SECURITY OFFICER [CISO]
    • BLUE TEAMER
    • SECURITY ARCHITECT & ENGINEER
    • INCIDENT RESPONSE TEAM MEMBER
    • CYBERSECURITY ANALYST
    • OSINT ANALYST
    • TECHNICAL DIRECTOR
    • CLOUD SECURITY ANALYST
    • SOC ANALYST
    • VULNERABILITY RESEARCHER & EXPLOIT DEVELOPER
    • APPLICATION PEN TESTER
    • DEVSECOPS ENGINEER
    • ANDROID PENTESTER
    • iOS PENTESTER
    • IOT PENTESTER
    • NETWORK PENTESTER
  10. Resources
    • TryHackMe: https://tryhackme.com/
    • HackTheBox Academy: https://academy.hackthebox.eu/catalogue/
    • OverTheWire: https://overthewire.org/wargames/bandit/
    • PortSwigger: https://portswigger.net/
    • PentesterLab: https://pentesterlab.com/bootcamp/
    • Medium + InfoSec Write-ups: https://infosecwriteups.com/
    • Guiding article for beginners: https://bit.ly/37E6AFv