Defensive Practice

Security Labs

Learning security through hands-on configuration.

I practice defensive security as part of becoming a stronger full-stack developer. This page documents hands-on work with authentication, RBAC, validation, OWASP testing, and network-defense labs. I am not presenting myself as a security expert; I use these labs to build safer development habits.

Security Awareness

Practical security areas I keep close to my full-stack work: access control, input handling, testing reports, and defensive network fundamentals.

These labs are presented as practice evidence, not expert claims. They show the habits I am building around safer application development.

Defensive Web Security

OWASP Top 10
OWASP ZAP
Validation
Secure Defaults

Identity and Access

JWT Authentication
RBAC
Password Hashing
Session Boundaries

Networking Foundations

TCP/IP
HTTP Headers
CSRF Protection
Firewall Concepts

Risk Discovery

Test Reports
XSS Prevention
SQL Injection Prevention
Threat Thinking

Hands-on Labs

Simulated environments where I practice network defense, intrusion detection, and vulnerability testing.

JWT + RBAC Security Practice

Identity & Access

Scenario: Built authentication and authorization flows to practice safer access boundaries in web applications.
Evidence/Action: Implemented role-based route restrictions, hashed passwords, and session checks in a demo application.
Learning Focus: Identity boundaries, user roles, and secure login habits.
JWT
RBAC
Bcrypt
Protected Routes
Completed

CSRF Protection and Validation Practice

Web Security

Scenario: Practiced request validation and CSRF defenses for forms and authenticated actions.
Evidence/Action: Added token checks, input validation, and safer request handling patterns in web app practice work.
Learning Focus: Reducing common form, session, and input-handling risks.
CSRF Tokens
Validation
Security Headers
Completed

OWASP ZAP Testing Practice

Web Security

Scenario: Used OWASP ZAP to scan local or demo applications and review common web security findings.
Evidence/Action: Generated scan results, reviewed alerts, and used findings to improve application configuration and validation.
Learning Focus: Finding common web issues and translating reports into practical fixes.
OWASP ZAP
Manual Review
OWASP Top 10
Completed

OPNsense / Suricata NIDPS Lab

Network Defense

Scenario: Configured a defensive network lab to practice firewall rules, IDS/IPS behavior, and suspicious traffic review.
Evidence/Action: Created filtering rules, reviewed alerts, and tested detection behavior with simulated traffic.
Learning Focus: Network defense fundamentals, packet inspection, and rule-based detection.
OPNsense
Suricata
Firewall Rules
Virtual Lab
Completed

SQL Injection Detection / Restriction Lab

Web Security

Scenario: Practiced identifying SQL injection risk and applying safer query and validation patterns.
Evidence/Action: Tested unsafe input paths, restricted risky patterns, and documented safer database access habits.
Learning Focus: Database input safety and defensive query handling.
SQL
Parameterized Queries
Validation
OWASP Testing
Completed

Certificates & Badges

Verified security learning records and badges.

ISC2 Candidate

ISC2 via Credly

"Demonstrates commitment to the cybersecurity profession and adherence to the ISC2 Code of Ethics."

Digital Badge
Verified

Introduction to Critical Infrastructure Protection

OPSWAT Academy

"Covered fundamentals of protecting critical infrastructure, IT vs. OT environments, and specific industrial cyber threats."

Certificate of Completion
Verified

Currently Learning

Planned or in-progress learning goals, kept separate from verified certificates.

Cyber Threat Intelligence Certificate

Monash University / OpenLearning

"Future objective to deepen understanding of threat actor behaviors and intelligence gathering."

Certificate of Completion
Planned

Introduction to Cybersecurity

Cisco Networking Academy

Certificate of Completion
Planned

FCF Cybersecurity

Fortinet

Certificate of Completion
Planned

Let's connect

Open to teams and technical roles where I can contribute, learn from feedback, and keep growing.