Web Security Roadmap

Programming

Programming is a crucial skill in the cybersecurity field, enabling professionals to create and automate tools for tasks like penetration testing and vulnerability scanning. Some important programming languages to learn for cybersecurity include:

• Python: Widely used for scripting and automation.
• Web languages like HTML, CSS, JavaScript, and PHP: Essential for understanding web applications and web-based attacks.

---

Network+

Network+ certification validates essential knowledge and skills needed to confidently design, configure, manage, and troubleshoot wired and wireless networks.

---

Linux+

Linux+ is a certification that validates competencies required of an early career system administrator supporting Linux systems.

---

eJPT

eJPT stands for eLearnSecurity Junior Penetration Tester. It is an entry-level certification teaching students how to perform penetration testing.

---

eWPT

eWPT stands for eLearnSecurity Web Application Penetration Tester. It focuses on teaching students how to perform penetration testing on web applications.

---

eWPTXv2

eWPTXv2 stands for eLearnSecurity Web Application Penetration Tester eXtreme version 2. It is an advanced certification teaching students how to perform penetration testing on advanced web applications and RESTful APIs.

---

APIsec

APIsec is a certification teaching students how to identify, assess, and mitigate security risks in APIs (Application Programming Interfaces).

---

Resources

Programming

• w3schools and/or
• Elzero Web School
  • HTML
  • CSS (Take a quick look)
  • Java Script
  • PHP
  • Laravel

Network+

• Free study material on YouTube
  • or
• Free Cybrary course
  • or
• Non-free Udemy course

Linux+

• Free study material on YouTube
  • or
• Free Cybrary course
  • and/or
• Non-free Udemy course
• Practice Linux

eJPT

• Free resources on Netriders Academy

eWAPT, eWAPTX

• Free study material on YouTube
  • Ibrahim Hegazy
    • and
  • Mohamed Sayed
    • and/or
  • Arab HackSploit
• Notes available on LinkedIn

APIsec

• The APIssec Certified Expert program

Practice Hacking

• OverTheWire Bandit (Linux)
• PortSwigger (eWAPT)(eWPTX)
• picoCTF (Network)(Linux)(eJPT)(etc)
• TryHackMe (Network)(Linux)(eJPT)(etc)
• Hack The Box (Network)(Linux)(eJPT)(etc)
• root-me (Network)(Linux)(eJPT)(etc)

Note Taking

• Obsidian (Great for the long run, and linking knowledge)
  • Tutorial
• Notion (Great for sharing, and all devices synchronization)
  • Tutorial (free)
  • Tutorial (non-free)(recommended)

---

Conclusion

The cybersecurity field is challenging and rewarding, requiring a strong foundation of knowledge and skills. The roadmap provides options for achieving this foundation, including certifications like Network+, Linux+, eJPT, and APIsec, along with programming and web language skills. Continuous learning and staying updated with industry developments are essential for success in this field.

---