SHADOW2669/CYBERSAPIENS

CYBERSAPIENS - Cybersecurity Internship Journey

A log of my learning, progress, and experiences during my cybersecurity internship. This document tracks the skills, tools, and vulnerabilities I've studied on a monthly basis.


Monthly Progress Log

🗓️ September 2025

My primary activity in September was consistently working through the PortSwigger Web Security Academy labs, which allowed me to apply theoretical knowledge to hands-on challenges. A major highlight was progressing through the Google Cybersecurity Professional Certificate on Coursera, which provided a broad and structured understanding of the cybersecurity landscape.

Key Learnings

  • Web Application Security: Deepened my understanding by working extensively on practical PortSwigger labs covering a range of common vulnerabilities.
  • Vulnerability Analysis: Gained specific, practical knowledge of Server-Side Request Forgery (SSRF), Path Traversal, and various Business Logic Vulnerabilities.
  • Comprehensive Cybersecurity Fundamentals: Acquired broad knowledge through the Google Cybersecurity Professional Certificate, covering topics from security frameworks and risk assessment to network security and threat intelligence.

Vulnerabilities Studied

  • Server-Side Request Forgery (SSRF): Gained hands-on experience in identifying and exploiting SSRF vulnerabilities, and understanding their impact on internal systems.
  • Path Traversal: Learned to exploit file path traversal vulnerabilities to access restricted files and directories.
  • Business Logic Vulnerabilities: Explored flaws in application logic that could be exploited for unintended purposes.

Tools & Platforms

  • Primary Tool: Continued extensive use of `Burp Suite` for all web application testing.
  • Platforms & Challenges:
    • PortSwigger Web Security Academy: Focused on completing labs for SSRF, Path Traversal, and Business Logic Vulnerabilities.
    • Google Cybersecurity Professional Certificate: Actively progressed through modules on Coursera.
    • Specialization Task: Continued work on the assigned specialization task.

Live Findings & Bug Bounties

  • 🔒 Status: All activities were conducted in controlled lab environments. No live vulnerabilities were reported.

🗓️ August 2025

This past month has been a period of intensive learning, building directly on the foundational knowledge I gained in late July. My journey progressed from reconnaissance to more advanced topics like Web Application, API, and even iOS Security, with a strong focus on practical application.

Key Learnings

  • Network Security: Gained a deeper understanding of network scanning and methodologies (CEH Module 4).
  • Enumeration: Learned the principles and techniques of enumeration (CEH Module 5).
  • Web Application Security: Studied advanced modules on web app architecture and common security flaws.
  • Vulnerability Analysis: Acquired specific knowledge on the mechanics, impact, and mitigation of Cross-Site Request Forgery (CSRF).
  • API & Mobile Security: Gained foundational knowledge of API security concepts and iOS application architecture.

Vulnerabilities Studied

  • Cross-Site Request Forgery (CSRF): Gained hands-on experience in identifying and exploiting different types of CSRF vulnerabilities.
  • Information Disclosure: Learned to identify vulnerabilities from network scanning and footprinting (e.g., open ports, service banners).
  • API Security Risks: Introduced to common risks like insecure endpoints and improper data handling.

Tools & Platforms

  • Reconnaissance & Scanning: `knockpy`, `httpx`, `subfinder`, `Nmap`
  • Web & API Testing: `Burp Suite`, `Postman`
  • Information Gathering: `Google Dorks`
  • Platforms & Challenges:
    • PortSwigger Web Security Academy: Completed labs focused on CSRF.
    • TryHackMe: Completed rooms focusing on Web Fundamentals.
    • Internal Assignments: Worked on Task 2 (Advanced), Task 3, and Specialization Task 4.
    • Personal Lab: Set up a multi-VM lab for remote access and network practice.

Live Findings & Bug Bounties

  • 🔒 Status: The primary objective was skill acquisition in a training environment. No live vulnerabilities were reported.
