My approach to learning more about cyber security

September 2025

I’ve made a plan/curriculum to cover the cybersecurity basics!

At first, it felt a bit overwhelming (there’s so much to learn) but I think I’ve got a solid outline to get started. I’ll be studying on my own using PortSwigger, YouTube, and any other rabbit hole I manage to fall into online.

Luckily, I also have my resident cyber security expert on standby who I’ve demanded gives me regular quizzes so I can test what I’ve learned and get help explaining anything that didn’t quite click. I’ve also been taking notes and using ChatGPT to turn them into quizzes to help the information stick.

THE OUTLINE

  1. Web Security Basics - HTTP vs HTTPS, Headers, Information Disclosure
  2. Authentication & Session Management
  3. Cross-Site Scripting (XSS)
  4. CSRF and CORS
  5. Access Control & Business Logic
  6. Injection Attacks
  7. Advanced Vulnerabilities - SSRF, Insecure Deserialization, File Upload Flaws

THEN...

After that, I’m planning to tackle some CTF (Capture the Flag) challenges and dive into bug bounty reports to study real-world attack logic. I’d also love to revisit one of my old web projects and see how I can improve its security. I’m sure I’ll find plenty of things to fix!

OH AND...

I also rewatched Ralph Breaks the Internet (or, as I prefer, Wreck-It Ralph 2) recently, and I got quite excited when Ralph and Vanellope first “enter” the Internet and get packaged into data. The whole interpretation of the online world is so fun and if you haven’t seen it yet, I 100% recommend it!

You can watch the clip here on YouTube.

I’m looking forward to seeing how much I’ll learn (and break!) over the next few weeks. If you’ve got any tips, favourite tools, or YouTube channels for learning web security then drop them my way.