CyberCode Academy

CyberCode Academy

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

Author

CyberCode Academy

Category

Education

Podcast website

www.spreaker.com

Latest episode

Jul 11, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Course 3 - Mastering Nuclei for Bug Bounty | Episode 4: Headers, Body, Raw Requests, and Response Matching 12.11.2025

In this lesson, you’ll learn about: Custom headers in templates: define headers: as key–value pairs (e.g., User-Agent, X-Forwarded-Host, or custom headers like X-Test: hello world) to tag or alter requests. Request bodies: use the body: block to send POST/PUT payloads (e.g., search=apple) required by many vulnerable endpoints. Cookie reuse / session handling: enable cookie reuse: true to persist c...

Course 3 - Mastering Nuclei for Bug Bounty | Episode 3: Scanning Lists, Metrics, Template Writing, and Proxying 12.11.2025

In this lesson, you’ll learn about: Feeding targets to Nuclei: enumerating subdomains (e.g., Subfinder), validating live hosts with HTTPX, and supplying host lists to Nuclei via STDIN or the -l flag; importance of prepending http:// / https:// when needed. Tool maintenance: updating Nuclei from the terminal using nuclei -update to get the latest templates and fixes. Real-time monitoring: enabling...

Course 3 - Mastering Nuclei for Bug Bounty | Episode 2: Controlling Scans, Traffic Tuning, and Custom Template Development 12.11.2025

In this lesson, you’ll learn about: Controlling Nuclei template selection — include templates by tags (e.g., xss, tech, enginex), severity (info, low, medium, high, critical), or author; and exclude specific templates/tags/severity with exclusion flags to avoid noisy results. Performance tuning & safe scanning — tune rate-limit (requests/sec), bulk-size (parallel hosts per batch), and -C (conc...

Course 3 - Mastering Nuclei for Bug Bounty | Episode 1: Nuclei: Installation, Template Setup, and First Scan 12.11.2025

In this lesson, you’ll learn about: Nuclei — definition & purpose: a template‑based automated vulnerability scanner written in Go, designed for fast, customizable scanning, mass hunting, and CI/CD integration. Claims & note: community descriptions sometimes state very low false‑positive rates; always validate findings in-scope before reporting. Supported template types: HTTP, DNS, TCP, and...

Course 2 - API Security Offence and Defense | Episode 4: Aggressive Attacks, Traditional Vulnerabilities and Exploitation of Staging APIs 12.11.2025

In this lesson, you’ll learn about: Aggressive Attacks on APIs Denial of Service (DoS): Flooding servers to disrupt service; Layer 7 attacks mimic normal users. Brute Force: Guessing secrets like passwords, JWTs, tokens, or 2FA codes. Mitigation: Rate limiting, authentication for heavy processes, short expiration for secrets, complex codes, caching, load balancing, restricting direct IP access. Ta...

Course 2 - API Security Offence and Defense | Episode 3: OAuth Protocol: Standards, Authorization Flows, Attacks, and Real-World Case Study 12.11.2025

In this lesson, you’ll learn about: OAuth — purpose & distinction: an authorization protocol that grants third-party apps scoped access to user resources without sharing user credentials; it’s about authorization, not authentication. OAuth 1.0a — core concepts & flows: Concepts: Consumer Key/Secret, Nonce, Signed requests (HMAC‑SHA1). Flows: one‑legged (trusted apps), two‑legged (token exc...

Course 2 - API Security Offence and Defense | Episode 2: Authentication Methods and Security: Basic, Digest, and JSON Web Tokens (JWT) 12.11.2025

In this lesson, you’ll learn about: Authentication & Authorization Fundamentals: Authentication: Identifying the user. Authorization: Defining what actions an authenticated user can perform. Stateful vs. Stateless: Stateful: Session cookies store session data on the server. Stateless: Tokens are validated without server-side session storage. Basic and Digest Authentication: Basic Auth: HTTP-ba...

Course 2 - API Security Offence and Defense | Episode 1: API Fundamentals: Standards, Versioning, and Investigative Techniques 12.11.2025

In this lesson, you’ll learn about: APIs — Definition & Evolution: API (Application Programming Interface): A mechanism originally designed to allow software to access operating system libraries; now primarily used for data exchange between servers, web apps, mobile apps, and frontend frameworks like React or Vue. Evolution of API standards: XML-RPC: Early XML-based method, complex and insecur...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 12: Cookies, Sessions, and Session Management Manipulation Vulnerability 12.11.2025

In this lesson, you’ll learn about: HTTP is stateless: every request is independent, so web apps must implement state mechanisms to track users. Cookies — client-side state: small text files (≈4 KB) stored in the browser holding prefs, auth data, and often session IDs; key attributes: Domain, Path, Expires, Secure (HTTPS-only), and HttpOnly (not accessible to JavaScript). Sessions & Session ID...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 11: Injection and Directory Path Traversal Attacks. 12.11.2025

In this lesson, you’ll learn about: Critical Web Security Vulnerabilities — Overview: Focus on Injection Attacks and Directory Path Traversal Attacks, two high-risk categories in web applications. Injection Attacks — definition & mechanism: Occur when untrusted input is sent to an interpreter (SQL, OS commands, HTML, CSS, or JavaScript), altering program execution. Can lead to data theft, data...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 10: XSS: Overview, Security Level Testing, and Real-World Attacks 12.11.2025

In this lesson, you’ll learn about: Definition of Cross-Site Scripting (XSS): A client-side web vulnerability where an application executes user-supplied JavaScript instead of treating it as text. It typically occurs in user input areas such as search fields, comment boxes, or feedback forms. Main Types of XSS: Reflected XSS (Non-persistent): The malicious input is not stored in the database. It o...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 9: Understanding and Finding SQL Injection Vulnerabilities 12.11.2025

In this lesson, you’ll learn about: SQL Injection (SQLi) — definition & importance: what SQL is (Structured Query Language) and why data-driven apps are high-value targets for injection attacks. Core mechanism: how attackers inject malicious input into dynamic SQL statements (queries built from runtime parameters) to alter logic — e.g., commenting out parts of a query or appending always-true...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 8: Exploiting Hidden Administrative Pages and Directory Listing 12.11.2025

In this lesson, you’ll learn about: Security Misconfiguration — overview: a broad class of vulnerabilities caused by insecure defaults, incorrect application logic, or poorly documented configuration choices. Why it matters: misconfigurations often expose sensitive functionality or data and are frequently exploitable with low effort, making them high-impact risks. Secret administrative pages (hidd...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 7: Insecure Direct Object Reference (IDOR): Understanding, Testing 12.11.2025

In this lesson, you’ll learn about: IDOR (Insecure Direct Object Reference) — definition: when user-supplied references (IDs) let attackers access or modify objects they’re not authorized to (files, records, accounts). Core mechanism: the app trusts the client-supplied identifier instead of enforcing authorization checks on the server side. Simple IDOR testing (numeric IDs): try adjacent or sequen...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 6: Broken Authentication and Session Management: Exploits and Defenses 12.11.2025

In this lesson, you’ll learn about: Broken Authentication and Session Management (BASM): A critical OWASP Top 10 vulnerability that arises from poor handling of user authentication and session controls. Common causes include developer negligence and insecure practices that allow attackers to hijack or reuse valid sessions. Key causes and developer mistakes: Exposing session IDs in the URL. Failing...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 5: Utilizing Burp Suite Decoder, Comparer, Sequencer, and Engagement Tool 12.11.2025

In this lesson, you’ll learn about: Burp Decoder — purpose & features: decode/encode request and response content (URL, HTML, Base64, ASCIIhex, etc.); smart-decode that detects likely encodings automatically; useful for deobfuscating payloads and analyzing encoded data. Burp Comparer — purpose & uses: visually diff two pieces of content (requests/responses) to highlight added, removed, or...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 4: Burp Suite Proxy: Configuration, Request Interception, and Repeater 12.11.2025

In this lesson, you’ll learn about: Burp Proxy tab — purpose & subtabs: Intercept (toggle request interception), HTTP History (record of proxied requests), and Options (listen address/port configuration). How the proxy works: Burp listens for browser traffic on a configured IP and port (default 127.0.0.1:8080); the browser must be configured for manual proxying to point to the same host/port....

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 3: Burp Suite: Web Security Testing and Target Scope Configuration 12.11.2025

In this lesson, you’ll learn about: Burp Suite — definition & purpose: a Java-based web-application penetration testing framework by PortSwigger used to discover attack vectors and security flaws. Supported platforms & editions: runs on Windows, macOS, and Linux; available as a Free (Community) edition with limited features and a paid Professional edition with full capabilities. Overall ar...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 2: Program Types, Methodologies, and the Path to Becoming a Hunter 11.11.2025

In this lesson, you’ll learn about: Bug bounty programs: their purpose and structure as platforms rewarding ethical hackers for discovering and responsibly disclosing security vulnerabilities. Program types: Public programs — open to anyone, often including both white hat and black hat hackers; no certification required. Private programs — invite-only, restricted to trusted and skilled researchers...

Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 1: Installing Burp Suite, OWASP BWA, and Bee-Box (Bwapp) 11.11.2025

In this lesson, you’ll learn about: Setting up a web security testing lab to practice web application security, pentesting, and exploiting common web vulnerabilities. Burp Suite — installation & overview: Java requirement (Oracle Java), download from portswigger.net, available editions: Community (free, limited/no scanners/payloads) and Professional (paid, includes passive/active scanners and...

Listen to the CyberCode Academy podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.