TL;DR
For beginners, TryHackMe is excellent for hands-on learning with guided rooms and virtual machines. Cybrary offers structured courses covering a wide range of topics. OWASP provides resources focused on web application security. Combine these for a solid foundation.
1. TryHackMe
TryHackMe is fantastic if you like learning by doing. It’s very beginner-friendly and walks you through practical exercises in a virtual machine environment. You don’t need to set up anything complicated on your own computer initially.
- What it offers: Guided rooms (learning paths), attack boxes (virtual machines to practice hacking), CTFs (Capture The Flag challenges).
- Cost: Free tier with limited access; paid subscriptions for more content.
- How to get started:
  - Create an account at https://tryhackme.com.
  - Start with the ‘Introductory Rooms’ or a beginner learning path like ‘Complete Beginner’.
  - Connect to their virtual machine (usually via web browser).
2. Cybrary
Cybrary is more course-focused, offering structured learning paths and certifications in various cyber security domains.
- What it offers: Video courses, virtual labs (some require a subscription), certification preparation materials.
- Cost: Free tier with limited access; paid subscriptions for full content and labs.
- How to get started:
  - Create an account at https://www.cybrary.it.
  - Browse their course catalog and choose a beginner-level course (e.g., ‘Cyber Security 101’).
3. OWASP (Open Web Application Security Project)
OWASP is a community focused on improving the security of web applications. Their resources are more technical, but invaluable if you’re interested in web app hacking.
- What it offers: Documentation (e.g., OWASP Top 10 vulnerabilities), tools, projects, and guides.
- Cost: Completely free!
- How to get started:
  - Visit https://owasp.org.
  - Start with the ‘OWASP Top 10’ – understand the most common web application vulnerabilities.
  - Explore their project pages for tools like ZAP (Zed Attack Proxy) for vulnerability scanning.
```bash
# Example using ZAP to scan a website (zap-cli takes the target URL as a positional argument)
zap-cli quick-scan http://example.com
```
4. Other Useful Resources
- PortSwigger Web Security Academy: Excellent for learning web application security, with interactive labs. (https://portswigger.net/web-security)
- Hack The Box: More advanced platform; good after you’ve grasped the basics. (https://www.hackthebox.com)
- SANS Institute Reading Room: Whitepapers and articles on various cyber security topics. (https://www.sans.org/reading-room/)