Cybersecurity for Software Engineers: A 90-Day Learning Journey
farhanashrafdev/90DaysOfCyberSecurity
As a software engineer, understanding cybersecurity isn't just a "nice to have" – it's becoming a crucial skill. This 90-day cybersecurity study plan offers a fantastic roadmap to integrate security into your development workflow and build more robust, secure applications. Here's why it's so valuable
Building Secure Software (DevSecOps)
By learning about common vulnerabilities, attack vectors, and secure coding practices, you can proactively build security into your applications from the ground up, rather than patching issues later. This aligns perfectly with DevSecOps principles.
Understanding System Security
Topics like Linux, Network+, and Security+ provide a fundamental understanding of how operating systems and networks are secured. This knowledge is vital when deploying and maintaining your applications in various environments.
Leveraging Python for Security
The plan includes Python, which is a powerful language for automating security tasks, writing scripts for vulnerability scanning, creating network tools, and analyzing security logs.
Cloud Security Expertise (AWS, Azure)
If your applications are deployed in the cloud, understanding cloud-specific security configurations and best practices (covered for AWS and Azure) is paramount to protect your infrastructure and data.
Logging and Monitoring (ELK Stack)
Learning about tools like Elasticsearch, Logstash, and Kibana (ELK) empowers you to set up robust logging and monitoring for your applications, helping you detect and respond to security incidents effectively.
Version Control Security (Git)
Understanding Git from a security perspective can help you manage code securely, prevent sensitive information from being committed, and understand potential risks in your source code management.
Thinking Like an Attacker
The "Hacking" section encourages you to explore ethical hacking techniques. This perspective is invaluable for identifying weaknesses in your own code and systems before malicious actors do.
In essence, this plan helps you evolve from just writing functional code to writing secure and resilient code, making you a more well-rounded and valuable engineer.
This repository is designed for self-paced learning, making it easy to dive in
Explore the Repository
Start by navigating to the main repository page on GitHub
90DaysOfCyberSecurity.
Review the LEARN.md File
The core of the study plan is detailed in the LEARN.md file within the repository. This document provides a structured, day-by-day breakdown of topics and curated resources for each area.
Choose Your Starting Point
While it's a 90-day plan, you don't necessarily have to start on Day 1 if you already have some foundational knowledge. You can pick and choose topics that are most relevant to your current skills and career goals as a software engineer.
Utilize the Resources
The LEARN.md provides links to various external resources, including
Certification Prep
Professor Messer's playlists for CompTIA Network+ and Security+.
Programming
Codecademy, SoloLearn, and "Learn Python the Hard Way" for Python.
Operating Systems
Ryan's Tutorials for Linux.
Tools & Concepts
Wireshark University for traffic analysis, tutorials for TCPdump, Suricata, Git, and ELK Stack.
Cloud Platforms
Getting started guides for AWS and Azure.
Hands-on Practice
Platforms like Cyber Talents, Hack the Box, and Vulnhub for practical hacking exercises.
Practice Consistently
The key to this plan is consistency. Dedicate a small amount of time each day to work through the tasks and resources.
While the repository itself primarily serves as a curated list of learning resources rather than a collection of direct code examples, the learning path will lead you to practical coding. Here's where you'd typically find and apply "sample code"
Python for Security Scripting
As you go through the Python section, you'll learn to write scripts for tasks such as
Network Scanning
Simple scripts using libraries like socket or scapy to scan ports or identify open services.
File Analysis
Scripts to parse log files, identify patterns, or perform basic data extraction.
Automation
Automating vulnerability checks or basic incident response tasks.
Example (Conceptual Python Snippet for a basic port scan)
# This is a conceptual example based on topics covered in the plan
import socket
def port_scan(target_host, port):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(1) # Set a timeout for connection attempts
result = s.connect_ex((target_host, port))
if result == 0:
print(f"Port {port} on {target_host} is OPEN")
s.close()
except socket.error as e:
print(f"Error connecting to port {port}: {e}")
# Usage (you would apply this after learning the basics)
# target = "example.com"
# for p in range(1, 1025): # Scan common ports
# port_scan(target, p)
Traffic Analysis (Wireshark, TCPdump)
While not "code" in the traditional sense, you'll learn to use command-line tools like tcpdump with specific filters and expressions to capture and analyze network traffic. This is a form of practical "scripting" for network analysis.
Hacking Platforms (Hack The Box, Vulnhub)
These platforms provide vulnerable machines where you apply your knowledge, often involving writing or modifying scripts (e.g., Python, Bash) to exploit vulnerabilities, escalate privileges, or extract information.
The strength of this repository lies in guiding you to the right external resources where you can then dive deep into hands-on exercises and discover countless code examples relevant to each cybersecurity domain.