Skip to main content
Get started

Learning Paths

Curated routes through the material. Each step links into the knowledge base.

Beginner → Advanced

Web Application Pentester

A complete route from methodology and recon through the OWASP Top 10 and into reporting.

  1. Web App methodology & checklist
  2. API testing (REST & GraphQL)
  3. Secure code review (SAST)
  4. Configuration review
Intermediate

Cloud & Infrastructure

Assess cloud providers, containers and the surrounding infrastructure end to end.

  1. Cloud pentesting (AWS / Azure / GCP)
  2. Container & Kubernetes assessment
  3. Infrastructure security
  4. Network pentesting
Beginner → Intermediate

Mobile Security

Android and iOS application testing, from fundamentals to dynamic instrumentation.

  1. Mobile pentesting overview
  2. Thick client pentesting
  3. Forensic fundamentals
Advanced

Red Team & Internal

Active Directory, networks and the tradecraft for internal engagements.

  1. Active Directory pentesting
  2. Network pentesting
  3. OSINT
  4. Phishing assessment
Intermediate

AI / LLM Security

Test modern AI systems: LLM applications and the Model Context Protocol.

  1. LLM security assessment
  2. MCP security assessment
Intermediate

DevSecOps & Pipeline

Shift security left across CI/CD, threat modeling and software composition.

  1. DevSecOps
  2. CI/CD pentesting
  3. Threat modeling