Welcome to CyberCode Academy - your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to ad...

FAQs about CyberCode Academy:
How many episodes does CyberCode Academy have?
The podcast currently has 213 episodes available.

November 12, 2025
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 3: Burp Suite: Web Security Testing and Target Scope Configuration

In this lesson, you'll learn about:
- Burp Suite - definition & purpose: a Java-based web-application penetration testing framework by PortSwigger used to discover attack vectors and security flaws.
- Supported platforms & editions: runs on Windows, macOS, and Linux; available as a Free (Community) edition with limited features and a paid Professional edition with full capabilities.
- Overall architecture & UI model: a collection of specialized tools organized in tabs (Proxy, Target, Scanner, Intruder, Spider, Repeater, Decoder, Comparer, etc.) that work together in a user-driven workflow.
- Key components & what they do:
  - Proxy (interception): capture and modify HTTP/S traffic between browser and server.
  - Scanner: perform automated security tests and produce findings/reports (Professional feature).
  - Intruder: automated attacks such as fuzzing, brute-forcing, or parameter manipulation.
  - Spider: crawl the application to map pages and discover endpoints.
  - Repeater: manually resend and tweak requests to observe server behavior.
  - Decoder: encode/decode and analyze encoded or encrypted strings (e.g., tokens, session IDs).
  - Comparer: diff two responses to highlight differences.
- Workflow role: how these tools combine - use Proxy/Spider for discovery, Scanner/Intruder for automated checks, Repeater/Decoder/Comparer for manual verification and PoC development.
- Defining scope (legal & safe testing): why and how to define in-scope targets to avoid unintended or illegal testing; configure scope in the Target → Scope settings.
- Scope configuration fields: protocol (any / HTTP / HTTPS), host or IP (single host, domain, or range), port, and file/path criteria.
- Using regular expressions in scope rules: express precise conditions with regex tokens (e.g., ^ start, $ end, \ escapes) to include or exclude specific hosts, ports, or file paths.
- Effect of scope on Burp operations: scope rules control which requests/actions Burp will perform or allow - properly defined scope limits risk and ensures testing stays within authorized boundaries.
- Practical recommendation: always define conservative scope first, validate rules with test requests, and document authorization before launching intrusive tests.

You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
15 min

November 11, 2025
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 2: Program Types, Methodologies, and the Path to Becoming a Hunter

In this lesson, you'll learn about:
- Bug bounty programs: their purpose and structure as platforms rewarding ethical hackers for discovering and responsibly disclosing security vulnerabilities.
- Program types:
  - Public programs - open to anyone, often including both white hat and black hat hackers; no certification required.
  - Private programs - invite-only, restricted to trusted and skilled researchers with proven track records; typically limited to certified white hat professionals.
- Bug bounty methodologies: how professional hunters plan and execute effective testing strategies.
  1. Scope analysis: identifying and confirming in-scope assets before testing.
  2. Target selection: focusing on valid and relevant assets to save time.
  3. Automated reconnaissance: using scanners to assess whether targets have been tested recently.
  4. Application review: selecting targets that match your expertise (e.g., Python, Ruby on Rails).
  5. Fuzzing: sending varied payloads to discover vulnerabilities like SQL injection or XSS; also helps map backend structures.
  6. Exploitation & PoCs: crafting clear Proof of Concepts to demonstrate impact, improve validation speed, and increase bounty rewards.
- Becoming a bug bounty hunter:
  - No formal certification or age requirement, but a deep understanding of web and mobile app technologies is essential.
  - Start small - focus on web targets before moving to large, complex programs.
  - Practice in safe virtual labs using intentionally vulnerable apps.
  - Study how bug bounty platforms operate and avoid over-targeted companies (e.g., Google, Microsoft).
  - Network with experts, attend security conferences, join communities, and collaborate in teams for better results.
  - Maintain a continuous learning mindset - stay updated on new tools, blogs, and attack techniques to remain competitive.

13 min

November 11, 2025
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 1: Installing Burp Suite, OWASP BWA, and Bee-Box (Bwapp)

In this lesson, you'll learn about:
- Setting up a web security testing lab to practice web application security, pentesting, and exploiting common web vulnerabilities.
- Burp Suite - installation & overview: Java requirement (Oracle Java), download from portswigger.net, available editions: Community (free, limited/no scanners/payloads) and Professional (paid, includes passive/active scanners and built-in payloads), and installation options (Windows executables or cross-platform JAR).
- OWASP Broken Web Applications (BWA): purpose as a vulnerable VM for learning and testing; requires VirtualBox and is imported as a ready OS image (no new VM creation); includes apps like WebGoat and Mutillidae; default VM credentials (root / OWSP DWA).
- Bee-Box (Bwapp) VM: Bee-Box ships with bwapp (deliberately insecure web app) for hands-on practice; covers OWASP Top 10 flaws and other common issues; practice modes (low/medium/high); downloaded from SourceForge and run in virtualization software (e.g., VMware); access via VM IP and default bwapp creds (B / bug).
- Practical workflow: use Burp Suite as the main inspection/proxy tool against the vulnerable VMs (BWA, Bee-Box) to practice discovery, exploitation, and remediation techniques.
- Learning goal / metaphor: this episode provides your core toolkit - the primary assessment tool (Burp Suite) and two practice targets (BWA and Bee-Box) for safe, repeatable skill development.

15 min