Roadmap of Web 3 in Cybersecurity

In This article, I will share a path/roadmap with you through which I started to learn Blockchain Security.

✔️The only Roadmap you need

This Roadmap is not so big, This is organized and covers all essential topics that one needs to know in order to get into the field of Blockchain Security.

Elementary Topics:

• Familiarity with Linux OS

What is Linux?

• Understanding of commonly used bash commands

Linux Command Line Cheat Sheet

• Understanding of version control systems such as Git ,Github, Gitlab , etc

Git Tutorials and Training | Atlassian Git Tutorial

• What is CI/CD pipeline?

What is CI/CD?

• Learn JavaScript

The Modern JavaScript Tutorial

• Learn Python

Python Crash Course

• Good understanding of Object Oriented programming

What is object-oriented programming? OOP explained in depth

• Familiarity with Package Managers (npm, yarn, pnpm, pip)

What is a package manager and why should you use one?

Basics of Internet:

• Good understanding of Networking concepts

Networking Articles - dummies

• How a Web Browser works

What is a web browser?

• What is DNS (What happens behind the scenes when you type google.com in web browser)

GitHub - alex/what-happens-when: An attempt to answer the age old interview question "What happens…

• What is HTTP Protocol and how it works

An overview of HTTP - HTTP | MDN

• What are HTTP Request and Response headers

HTTP headers - HTTP | MDN

• What is RPC Protocol

Remote Procedure Call (RPC) Protocol in Distributed System

• Familiarity with Browser’s developer tools

Chrome Dev Tools Cheat Sheet | ShortcutFoo

• Web2.0 (how a typical Web2.0 application is packaged and deployed)

Web 2.0 - Wikipedia

Existing Authentication/Authorization models in Web2.0 applications

• SSO — Single Sign On

How Does Single Sign-On (SSO) Work? | OneLogin

• OAuth — Open Authorization

What is OAuth? How the open authorization framework works

• JWT Authentication

• Token Based Authentication

What Is Token-Based Authentication?

• Session Based Authentication

Session vs Token-Based Authentication

• Basic Authentication

https://www.ibm.com/docs/en/cics-ts/5.2?topic=concepts-http-basic-authentication

• What is HTTP Caching.

https://www.cloudflare.com/en-in/learning/cdn/what-is-caching/

Web 2.0 Security:

OWASP Top 10:

• Broken Access Control vulnerabilities

A01 Broken Access Control - OWASP Top 10:2021

• Cryptographic Failures

A02 Cryptographic Failures - OWASP Top 10:2021

• Injection vulnerabilities

A03 Injection - OWASP Top 10:2021

• Insecure Design

A04 Insecure Design - OWASP Top 10:2021

• Security Misconfigurations

A05 Security Misconfiguration - OWASP Top 10:2021

• Vulnerable and Outdated Components

A06 Vulnerable and Outdated Components - OWASP Top 10:2021

• Identification and Authentication Failures

A07 Identification and Authentication Failures - OWASP Top 10:2021

• Software and Data Integrity Failures

A08 Software and Data Integrity Failures - OWASP Top 10:2021

• Security Logging and Monitoring Failures

A09 Security Logging and Monitoring Failures - OWASP Top 10:2021

• Server-Side Request Forgery

A10 Server Side Request Forgery (SSRF) - OWASP Top 10:2021

1. Learn Blockchain Basics

Blockchain Facts: What Is It, How It Works, and How It Can Be Used

What is Asymmetric Cryptography? Definition from SearchSecurity

Elliptic-curve cryptography - Wikipedia

Blockchain Explained

What is the Double Spending Problem with Bitcoin? | SoFi

Consensus Algorithms in Blockchain - GeeksforGeeks

Proof of Work vs Proof of Stake: What's The Difference?

How Does Bitcoin Mining Work?

What Is a 51% Attack?

2. Learn Ethereum Basics

What is Ethereum? | ethereum.org

Ethereum — The World Computer

GitHub - ethereumbook/ethereumbook: Mastering Ethereum, by Andreas M. Antonopoulos, Gavin Wood

Bitcoin vs. Ethereum: What's the Difference?

What is #Ethereum ($ETH)?

Sale of the Century: The Inside Story of Ethereum's 2014 Premine

What Is Ether? Is It the Same as Ethereum?

Transactions | ethereum.org

Ethereum accounts | ethereum.org

Ethereum wallets | ethereum.org

Ethereum accounts | ethereum.org

Proof-of-work (PoW) | ethereum.org

Home | Ethereum Improvement Proposals

A guide to Ethereum's ERC standards

ERC-20 Token Standard | ethereum.org

ERC-721 Non-Fungible Token Standard | ethereum.org

Turing completeness - Wikipedia

Ethereum Virtual Machine (EVM) | ethereum.org

3. Smart Contracts

What Are Smart Contracts?

What Is a Smart Contract (Explained with Real World Examples)

Introduction to smart contracts | ethereum.org

Smart contract languages | ethereum.org

Life cycle of Smart contract development

Learn - OpenZeppelin Docs

4. Solidity

Solidity - Solidity 0.8.17 documentation

#1 Solidity Tutorial & Ethereum Blockchain Programming Course | CryptoZombies

Welcome to Remix's documentation! - Remix - Ethereum IDE 1 documentation

Types - Solidity 0.8.7 documentation

What you need to know about `msg` global variables in Solidity

Expressions and Control Structures - Solidity 0.8.7 documentation

Contract ABI Specification - Solidity 0.5.3 documentation

JSON-RPC API | ethereum.org

web3.js - Ethereum JavaScript API - web3.js 1.0.0 documentation

Solidity by Example

5. Learn Testing Frameworks

Foundry:

Foundry Book

Hardhat:

Documentation | Ethereum development environment for professionals by Nomic Foundation

Brownie:

Brownie - Brownie 1.19.1 documentation

Truffle Suit:

Home - Truffle Suite

Infura:

Ethereum API | IPFS API & Gateway | ETH Nodes as a Service

OpenZeppelin:

OpenZeppelin | Contracts

Dapptools:

dapp.tools

6. Learn Basics of Finance

Binance Academy

Learn Crypto - The Best Crypto Course on the Internet!

Options, swaps, futures, MBSs, CDOs, and other derivatives | Khan Academy

7. DEFI and DEFI Attack Vectors:

Learn Crypto - The Best Crypto Course on the Internet!

DeFi Deep Dive - Explaining DeFi Attack Vectors and Prevention - Moralis Academy

8. Learn Libraries & Token Standards which are commonly used:

GitHub - OpenZeppelin/openzeppelin-contracts: OpenZeppelin Contracts is a library for secure smart…

Token Standards | ethereum.org

9. Learn Smart Contract Security

Visualization Tools

Solidity Visual Developer - Visual Studio Marketplace

GitHub - ConsenSys/surya: A set of utilities for exploring Solidity contracts

GitHub - raineorshine/solgraph: Visualize Solidity control flow for smart contract security…

GitHub - ethereum/evmlab: Utilities for interacting with the Ethereum virtual machine

GitHub - fergarrui/ethereum-graph-debugger: Ethereum solidity graph plain debugger. To have the…

GitHub - blockchainsllc/piet

Linters & Formatters

GitHub - duaraghav8/Ethlint: (Formerly Solium) Code quality & Security Linter for Solidity

GitHub - protofire/solhint: Solhint is an open source project created by https://protofire.io. Its…

10. Learn Vulnerabilities in Smart Contract

• What is Integer Overflow and Underflow

SWC-101 · Overview

• What is Floating Pragma

SWC-103 · Overview

• What is Unchecked call return value

SWC-104 · Overview

• What is Unprotected SELFDESTRUCT Instruction

SWC-106 · Overview

• What is Reentrancy

SWC-107 · Overview

• State Variable Default Visibility

SWC-108 · Overview

• What is Uninitialized Storage Pointer

SWC-109 · Overview

• Use of Deprecated Solidity Functions

SWC-111 · Overview

• DoS with Failed Call

SWC-113 · Overview

• Authorization through tx.origin

SWC-115 · Overview

• Signature Malleability

SWC-117 · Overview

• Weak Sources of Randomness from Chain Attributes

SWC-120 · Overview

• Missing Protection against Signature Replay Attacks

SWC-121 · Overview

• Lack of Proper Signature Verification

SWC-122 · Overview

• Insufficient Gas Griefing

SWC-126 · Overview

• DoS With Block Gas Limit

SWC-128 · Overview

• Hash Collisions With Multiple Variable Length Arguments

SWC-133 · Overview

• Message call with hardcoded gas amount

SWC-134 · Overview

• What is Junk code (Code With No Effects)

SWC-135 · Overview

• What is Unencrypted Private Data On-Chain

SWC-136 · Overview

11. Learn Smart contract bugs & Best Security Practices

Overview · Smart Contract Weakness Classification and Test Cases

Audit Techniques & Tools 101

Security Pitfalls & Best Practices 201

Security Pitfalls & Best Practices 201

12. Learn CTF and do the challenges

Openzeppelin’s Ethernaut

Ethernaut

Capture The Ether

Capture the Ether

Damn Vulnerable DeFi

Damn Vulnerable DeFi

Paradigm CTF-2021

GitHub - paradigmxyz/paradigm-ctf-2021: Official repository for Paradigm CTF 2021

Ciphershasta

Cipher Shastra

Smart Contract CTF

Smart Contract CTF

13. Read Reports (Audit Reports):

• QuillAudits

GitHub - Quillhash/QuillAudit_Reports: QuillAudits Smart Contracts, deFi, NFT, tokens,Dao , Dex and…

• Openzeppelin blogs

Security Audits - OpenZeppelin blog

• Consensys Audit

Public Smart Contract Audits and Security Reviews | ConsenSys Diligence

• Code4rena Audit Reports

Security Audit Reports

• Secureum Audit Findings 101

Audit Findings 101

• Secureum Audit Findings 201

Audit Findings 201

13. Learning through several stuffs:

Newsletters :

Blockthreat

Blockchain Threat Intelligence

HashingBit

QuillHash

Immunefi

Immunefi

Discord Communities:

Immunefi

Discord - A New Way to Chat with Friends & Communities

Secureum

Join the Secureum Discord Server!

QuillAudits

Join the quillAudits Discord Server!

Blogs:

Immunefi

Immunefi - Medium

Coinmonk

Coinmonks

TrailOfBits

Trail of Bits Blog

Secureum

Secureum

Openzeppelin

Security Audits - OpenZeppelin blog

QuillAudits

QuillAudits Team - Medium

[-] Bug Bounty in Web3

Immunefi

Immunefi

Code4rena

Code4rena

Hakenproof

HackenProof

Hackerone

HackerOne | #1 Trusted Security Platform and Hacker Program

✨ Bonus

For your convenience in tracking your progress while following the above roadmap, I am sharing a publicly readable version of Notion notes of @0xAsm0d3us, which you can copy it to your own Notion notebook as a template for tracking your progress. Also, follow him on Twitter as the above links is the part of this blog. I just make a roadmap after gathering links from all of the internet so it can help you learn better.

Blockchain Security Checklist

Additional Resources

• Ethereum Homestead Documentation

Home | ethereum.org

• Ethereum Community guides and resources

Learn Hub | ethereum.org

• Solidity Documentation

Solidity - Solidity 0.8.7 documentation

• Solidity, Blockchain, Smart Contract Course

• DeFi Developer Road Map

GitHub - OffcierCia/DeFi-Developer-Road-Map: DeFi Developer roadmap is a curated Web3.0 Developer…

• Scott Sunarto Web3 Handbook

Scott Sunarto | Working in Web3: The Handbook

• Find some resources on Web3 Hacking with Tweets of Adrian Hetman

Any type of comments are welcome. Thank you for your time :)).

Happy Hacking !!!

If you enjoyed reading the article do clap and follow:

Twitter: https://twitter.com/i_amsphinx

LinkedIn: https://www.linkedin.com/in/pathakabhi24/

GitHub: https://github.com/pathakabhi24

If you find this helpful, please click the clap 👏 button below a few times to show your support for the author 👇

🚀Join FAUN & get similar stories in your inbox each week