CYSA+ study area.

Adventures in Cybersecurity: Chapter 4.

Software assessment tools, SDLC, code analysis, fuzzing, enumeration, and cloud assessment notes.

Home Keep going

Notes

Study material that needed a place to live.

Present me looking out for future me. Future me loses handwritten notes.

Assessment tools

Web vulnerability scanners assess web application security posture.
OWASP ZAP proxies requests and responses while analyzing web application behavior.
Nikto focuses on web server scanning.
Nessus, OpenVAS, and Qualys support vulnerability scanning workflows.

Software concepts

SDLC provides a predictable framework for requirements, reliability, cost, and delivery.
Static code analysis reviews code without executing it.
Dynamic code analysis reviews behavior while code executes.
Fuzzing injects invalid or unexpected input to test application reactions.

Enumeration and attack tooling

Nmap scans open ports and can perform additional network operations.
Responder can answer NBT and LLMNR name requests.
Aircrack-ng is a set of command-line tools for wireless testing.
Hashcat is a GPU-based hash cracking tool.

Cloud assessment

ScoutSuite, Prowler, and Pacu all live in the cloud assessment conversation. One collects and reports, one checks AWS benchmark gaps, and one exists because cloud mistakes deserve consequences.

Chapters

Keep moving.

The chapters are connected. So are most problems once you pull enough thread.

Chapter 1 Chapter 2 Chapter 3 Chapter 4