CyberCode Academy

CyberCode Academy

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

  1. 7h ago

    Course 40 - Web Scraping with Python | Episode 6: From Scrapy Framework Foundations to Professional Spiders

    In this lesson, you’ll learn about: building scalable scraping systems with Scrapy, mastering selectors in real time, and designing efficient, production-ready spiders1. What is Scrapy (and Why It Matters)?🔹 The Framework ApproachUse Scrapy Not just a library → a full scraping engineHandles:Requests schedulingData pipelinesMiddlewareConcurrency👉 Key Insight Scrapy follows the Hollywood Principle:“Don’t call us, we’ll call you” You define rules → Scrapy controls execution2. Project Setup with Scrapy CLI🔹 Initialize a Projectscrapy startproject myproject cd myproject scrapy genspider example example.com 🔹 Project Structure Overview spiders/ → your scraping logicitems.py → data modelspipelines.py → cleaning & storagesettings.py → configuration👉 Clean structure = scalable scraping system3. Mastering the Scrapy Shell🔹 Interactive Testing Toolscrapy shell "https://example.com" 🔹 Why It’s Powerful Test CSS selectors instantlyTest XPath queries in real timeDebug without running full spiders🔹 Handling 403 Forbidden ErrorsWebsites may block bots → fix using User-Agentscrapy shell -s USER_AGENT="Mozilla/5.0" "https://example.com" 👉 Key Insight Many blocks are superficial → mimic real browser behavior4. Building a Professional Spider🔹 Basic Spider Structureimport scrapy class ExampleSpider(scrapy.Spider): name = "example" def start_requests(self): urls = ["https://example.com"] for url in urls: yield scrapy.Request(url=url, callback=self.parse) def parse(self, response): for item in response.css("div.item"): yield { "title": item.css("h2::text").get(), "link": item.css("a::attr(href)").get() } 🔹 Key Concepts1. Inheritance Spider inherits from scrapy.SpiderGains built-in crawling behavior2. start_requests Entry point of the spiderSends initial HTTP requests3. parse Default callback methodExtracts and processes data4. Using yield Streams data instead of storing it all in memory👉 Benefit: FasterMemory-efficientScales to large datasets5. Data Cleaning in the Real World🔹 Common Problems Extra whitespaceBroken HTMLHidden commentsMissing attributes🔹 Cleaning Exampletitle = item.css("h2::text").get(default="").strip() 👉 Pro Tip Always assume: Data is messyStructure may change6. The “Brittle Web” ProblemWeb scraping is fragile because: Websites change structureContent loads dynamicallyAnti-bot protections evolve🔹 Practical Survival Tips Use incognito mode to test pagesSave HTML locally for debuggingWrite flexible selectorsAvoid over-specific paths7. Handling Dynamic Content🔹 ChallengeSome sites use JavaScript → Scrapy can’t see rendered content🔹 Solutions Reverse-engineer API callsUse headless browsers (if needed)Inspect network tab instead of HTML8. Big Picture Workflow Create project (Scrapy CLI)Explore site (Scrapy Shell)Build spider (class + methods)Extract data (selectors)Clean dataExport structured resultsMental ModelRequest → Response → Selector → Clean → Yield → Pipeline👉 Final Takeaway Scrapy transforms scraping from simple scripts into robust, production-grade systems—but mastering it means thinking like an engineer, not just a coder. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 40 - Web Scraping with Python | Episode 6: From Scrapy Framework Foundations to Professional Spiders
  2. 1d ago

    Course 40 - Web Scraping with Python | Episode 5: From Environment Setup to Pandas DataFrames

    In this lesson, you’ll learn about: setting up a professional Python scraping environment, extracting web data step-by-step, and transforming raw HTML into structured datasets1. Setting Up Your Development Environment🔹 Python Version ManagementUse pyenv Install and switch between Python versions بسهولةAvoid compatibility issues across projects🔹 Virtual Environments & DependenciesUse pipenv Create isolated environmentsManage dependencies like:requestsBeautifulSoup4pandas👉 Key Insight Clean environment = fewer bugs + reproducible projects🔹 Interactive DevelopmentUse JupyterLab Run code in cells step-by-stepInspect outputs instantlyExplore files and HTML visually2. Downloading & Inspecting Web Content🔹 Fetching HTML PagesUse Requestsimport requests url = "https://example.com" response = requests.get(url) html = response.text 🔹 Why Save Locally? Work offlineAvoid repeated requestsDebug faster🔹 Inspecting the PageUse: JupyterLab HTML viewerBrowser DevTools (Elements tab)👉 Goal: Locate the exact HTML structure of your target data (e.g., tables, divs)3. Extracting Data with BeautifulSoup🔹 Parsing HTMLUse BeautifulSoupfrom bs4 import BeautifulSoup soup = BeautifulSoup(html, "html.parser") 🔹 Using CSS Selectorstable = soup.select("table.wikitable")[0] rows = table.select("tr") 👉 This allows precise targeting of elements4. Cleaning the Data🔹 Fix Column Names Remove whitespaceReplace spaces with _clean_header = header.text.strip().replace(" ", "_") 🔹 Remove Unwanted Patterns (Regex)Use Regular Expressionimport re clean_text = re.sub(r"\[.*?\]", "", raw_text) 👉 Removes things like: [1], [citation needed]5. Structuring the Data🔹 Build a “List of Lists”data = [] for row in rows: cols = [col.text.strip() for col in row.select("td")] data.append(cols) 👉 Structure becomes:[ ["Name", "Age", "City"], ["John", "25", "NY"], ] 6. Creating a DataFrame🔹 Use PandasUse pandasimport pandas as pd df = pd.DataFrame(data[1:], columns=data[0]) 🔹 Why DataFrames Matter Easy filteringData analysisExport to CSV/Excel7. Full Workflow (Big Picture) Setup environment (pyenv + pipenv)Fetch HTML (Requests)Inspect structure (DevTools / Jupyter)Extract data (BeautifulSoup)Clean data (Regex + string ops)Structure data (lists)Analyze (Pandas DataFrame)Mental ModelRaw HTML → Parsed DOM → Extracted Elements → Clean Data → Structured Dataset → Analysis👉 Final Takeaway A successful scraping project is not just about extraction— it’s about building a clean, repeatable pipeline that turns messy web content into usable data. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 40 - Web Scraping with Python | Episode 5: From Environment Setup to Pandas DataFrames
  3. 2d ago

    Course 40 - Web Scraping with Python | Episode 4: Ethics, Risks, and the hiQ Precedent

    In this lesson, you’ll learn about: the legality and ethics of web scraping, the difference between scraping and hacking, and how to stay safe while collecting data1. What is Web Scraping (Revisited)?🔹 Definition: Web scraping is automated web browsing—using code to collect data just like a human would, but at scale👉 Key Insight If a human can view and copy it, a script can usually extract it faster2. Ethical Use: “Good Bots” vs “Bad Bots”🔹 Ethical (Good Bot) Use Cases Academic research (e.g., studying bias or trends)Search engine indexingPersonal automation projects👉 Example: Search engines rely on scraping to make websites discoverable🔹 Question to Ask Yourself Am I harming the website?Am I violating user privacy?Am I redistributing someone else’s content unfairly?👉 Ethics = intent + impact3. Scraping vs. Hacking (Critical Distinction)🔹 Scraping: Accessing publicly available dataNo bypassing authenticationNo system exploitation🔹 Hacking: Breaking into protected systemsBypassing login/authenticationExploiting vulnerabilities👉 Key Insight The line is clear: Public access = generally safe Unauthorized access = illegal4. Legal Risks You Should Understand🔹 Generally Safe Scraping public pagesPersonal or educational use🔹 Risky Areas Ignoring Terms of ServiceScraping behind login pagesRepublishing copyrighted dataOverloading servers (DoS-like behavior)👉 Even if not criminal, this can lead to: LawsuitsIP bansAccount suspension5. Real-World Case Study🔹 HiQ Labs vs LinkedIn👉 What happened: HiQ scraped public LinkedIn profilesLinkedIn tried to block them👉 Legal outcome: Courts ruled scraping public data is not hacking👉 Why it matters: Set a major precedent for scraping legality6. Personal vs Commercial Risk🔹 Low Risk (Personal Projects) Tracking prices on marketplacesHobby data collectionSmall-scale scripts🔹 High Risk (Commercial Use) Scraping large platforms likeAmazonFacebook👉 Why risky: Strong legal teamsStrict enforcementHigh financial stakes7. Practical Safety Guidelines🔹 Always follow these rules: Respect robots.txt (when applicable)Avoid sending too many requests (rate limiting)Don’t scrape private or sensitive dataDon’t bypass authentication systemsDon’t republish copyrighted content8. Big PictureWeb scraping is powerful—but comes with responsibility👉 Think of it as: A tool for innovationNot a shortcut for exploitationMental ModelCan access publicly → OK (usually) Need to bypass security → Not OK👉 Final Takeaway The internet is becoming a data goldmine, but success in scraping depends on staying ethical, legal, and respectful of boundaries You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 40 - Web Scraping with Python | Episode 4: Ethics, Risks, and the hiQ Precedent
  4. 3d ago

    Course 40 - Web Scraping with Python | Episode 3: Mastering CSS, XPath, and Developer Tools

    In this lesson, you’ll learn about: how to extract precise data from web pages using selectors, how CSS and XPath differ, and how to apply them effectively with real browser tools1. What is Data Extraction (“SQL for the Web”)🔹 Core IdeaData extraction is about selecting exactly what you want from a web page—just like SQL queries select rows from a database.Using tools like Beautiful Soup, you can: Target specific elementsExtract clean textAutomate structured data collection👉 Key Insight The power is not in scraping everything— it’s in extracting only what matters2. Understanding HTML Structure🔹 The DOM Tree Concept Web pages are structured like a treeElements have:ParentsChildrenSiblings👉 Example: Title $10 3. CSS Selectors (Your First Tool)🔹 Basics Tag → divClass → .priceID → #main🔹 Combining Selectorssoup.select("div.product span.price") 👉 This means: Find span.priceInside div.product🔹 Why CSS is Powerful Simple and readableFast to writeWorks directly in browsers4. XPath (Advanced Targeting)🔹 What is XPath?Use XPath Treats HTML as a navigable treeMore flexible than CSS🔹 Key Syntax //div → find anywhere/div → direct child[@class="price"] → filter by attribute🔹 Example//div[@class="product"]//span[@class="price"] 🔹 When XPath Wins Complex structuresConditional logicTraversing up/down the tree5. CSS vs XPath (Quick Comparison)FeatureCSSXPathEase of useEasyMediumPowerModerateHighReadabilityHighLowerComplex queriesLimitedStrong👉 Rule of Thumb Start with CSSSwitch to XPath when needed6. Using Chrome Developer Tools🔹 Inspecting ElementsSteps: Right-click → InspectView HTML structureTest selectors live🔹 Pro Techniques1. Visual Debugging Temporarily change styles:background: orange; 👉 Confirms your selector targets the correct elements2. Copy Selectors Automatically Right-click element → Copy →CSS SelectorXPath3. Test in Consoledocument.querySelectorAll("div.product") 7. Real-World Extraction Scenarios🔹 Example: Wikipedia Tables Identify Loop through rowsExtract cells🔹 Example: Complex Graphs (SVG + JS)Challenges:Data not in visible HTMLRendered via JavaScriptStored inside SVG elements👉 Solution:Inspect deeplyCheck network requestsReverse-engineer data source8. Best Practices for Clean Extraction🔹 Stay OrganizedWork step-by-stepTest selectors incrementally🔹 Write Robust SelectorsAvoid:div > div > div > span Prefer:.product .price 🔹 Expect ChangeWebsites update frequentlyBuild flexible logic9. Mental ModelHTML → Selector → Extract → Clean → Structure👉 Final Takeaway Mastering data extraction is less about tools and more about thinking structurally—once you understand how the web is built, you can query it with precision just like a database. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 40 - Web Scraping with Python | Episode 3: Mastering CSS, XPath, and Developer Tools
  5. 4d ago

    Course 40 - Web Scraping with Python | Episode 2: From HTTP Basics to URL Hacking

    In this lesson, you’ll learn about: how automated data collection works, the fundamentals of HTTP, and how to build dynamic scraping workflows1. Human vs. Automated Browsing🔹 Human browsing: Click linksScroll pagesView imagesManually extract information🔹 Automated browsing (web scraping): Send requests to serversDownload raw HTMLParse structured dataStore results automatically👉 Key Insight Scraping is simply doing what humans do—but faster, consistently, and at scale2. The Foundation of the Web: HTTP🔹 Concept: Hypertext Transfer Protocol (HTTP) is the communication layer of the web🔹 Request–Response Cycle Client sends a requestServer processes itServer returns a response👉 Everything in web scraping is built on this cycle🔹 Important Components🔹 User-Agent Identifies the client (browser or script)Websites may block unknown or suspicious agents🔹 Core HTTP Methods🔹 GET Used to retrieve dataMost common in scraping🔹 POST Used to send dataRequired for:Login formsSearch filtersSubmissions👉 Key Insight Understanding GET and POST lets you replicate real user actions programmatically3. URL Structure & “URL Hacking”🔹 A URL contains: Scheme (https://)Host (domain)PathQuery parameters🔹 Query Strings Example?category=laptops&price=1000 Modify parameters to change resultsAccess filtered data without UI interaction👉 This is called URL manipulation (or URL hacking)🔹 Why it’s powerful: Skip manual navigationDirectly access datasetsAutomate large-scale queries4. Building Dynamic Scrapers🔹 Python Tools🔹 HTTP RequestsRequests Sends GET/POST requestsRetrieves page content🔹 Dynamic URL GenerationUsing Python f-strings:url = f"https://example.com/search?q={keyword}&page={page}" 👉 Allows: Looping through pagesChanging filters dynamicallyScaling data collection5. Simple Automation Flow Build URL with parametersSend request using RequestsReceive HTML responseExtract required dataStore for later use6. Big PictureThis approach transforms you from: A passive web user ➡️ intoAn automated data engineerMental ModelUser action → HTTP request → server response → parsed data → automation👉 Mastering HTTP + URLs = full control over web data extraction You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 40 - Web Scraping with Python | Episode 2: From HTTP Basics to URL Hacking
  6. 5d ago

    Course 40 - Web Scraping with Python | Episode 1: From Business Profits to Practical Solutions

    In this lesson, you’ll learn about: how web scraping unlocks hidden web data, real-world applications, and the essential tools used to build scraping systems1. What is Web Scraping?🔹 Definition: Web scraping is the process of automatically extracting data from websites👉 Key idea It turns the internet into a massive, queryable database, even when no API exists2. Why Web Scraping Matters🔹 Problem: Most web data is: Not downloadableNot structuredLocked inside HTML pages🔹 Solution: Scraping allows you to: ExtractCleanStoreAnalyze👉 Key Insight Scraping = automated browsing + structured data extraction3. Real-World Applications🔹 Business Intelligence Talent analytics from public profilesWorkforce insights and hiring trendsExample: HiQ Labs Uses scraped public data to: Analyze employee skillsPredict turnover risks🔹 Marketing & Competitive Analysis Price monitoringCompetitor trackingLead generation👉 Companies use scraping to stay ahead in real-time markets🔹 Research & Data Science Academic datasetsSocial trendsPublic information aggregation🔹 Personal AutomationExample use case: Searching for the best Tesla dealAutomation can: Scrape car listingsCompare pricesInclude external costs (like flights)👉 Result: optimized decision-making with minimal effort4. Web Scraping Toolkit🔹 Basic HTTP RequestsRequests Sends HTTP requestsRetrieves raw HTML content🔹 HTML ParsingBeautiful Soup Extracts specific data from HTMLNavigates page structure🔹 Advanced CrawlingScrapy Handles large-scale scrapingBuilt-in pipelines and automation🔹 Browser AutomationSelenium Interacts with dynamic websitesHandles JavaScript-rendered contentSimulates real user behavior5. How Scraping Works (Simple Flow) Send request to a webpageReceive HTML contentParse and extract needed dataClean and structure the dataStore for analysis6. Big PictureWeb scraping enables: Data extraction where APIs don’t existAutomation of repetitive research tasksCreation of new data-driven productsMental ModelWeb page → HTML → parser → structured data → insights👉 Scraping transforms unstructured web content into usable intelligence You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 40 - Web Scraping with Python | Episode 1: From Business Profits to Practical Solutions
  7. 6d ago

    Course 39 - NodeJS Security Pentesting and Exploitation | Episode 4: Manual and Automated Code Review Essentials

    In this lesson, you’ll learn about: auditing Node.js applications using manual code review techniques and automated static analysis tools to identify security vulnerabilities1. What is Node.js Application Auditing?🔹 Purpose: Systematically review a Node.js codebase to find security weaknesses before attackers do🔹 Two main approaches:Manual code reviewAutomated static analysis👉 Key idea Real security comes from combining both approaches2. Manual Code Review Strategy🔹 Focus areas during review:🔹 File and database operationsLook for unsafe reads/writesCheck uncontrolled file paths🔹 Cryptography usageWeak hashing (e.g., MD5)Disabled SSL verificationImproper encryption handling🔹 User input trackingFollow input from: request → processing → database → response👉 Key Insight Most vulnerabilities appear where input is not properly encoded or escaped🔹 Common resulting vulnerabilities:SQL InjectionCross-Site Scripting (XSS)Remote Code Execution (RCE)🔹 Reference knowledge base:OWASP Code Review Guide3. Automated Static Analysis (NodeJsScan)🔹 Tool: NodeJsScan🔹 What it does:Scans code without running it to detect security issues🔹 Key detection capabilities:1. Dangerous functionseval()OS command execution functions👉 Flags potential RCE paths2. Security misconfigurationsMissing CSP headersMissing HSTSMissing X-Frame-Options3. Dependency vulnerabilitiesUses Retire.jsDetects outdated or vulnerable libraries4. Custom rule supportAdd regex/string patternsConfigure rules in rules.xml4. Practical Workflow ExampleUsing vulnerable apps like NodeGoat:Tool scans entire codebaseFlags vulnerable linesShows file + exact line numberSpeeds up remediation process5. Big PictureSecurity auditing is about:Manual review → deep understanding Static analysis → fast detection at scale👉 Best practice: Use both together for complete coverageMental ModelCode → input flow tracking → unsafe sinks → automated scanning → verified findings You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 39 - NodeJS Security Pentesting and Exploitation | Episode 4: Manual and Automated Code Review Essentials
  8. Jul 9

    Course 39 - NodeJS Security Pentesting and Exploitation | Episode 3: Hardening Code and Preventing Attacks

    In this lesson, you’ll learn about: securing Node.js applications through safe coding practices, HTTP security headers, ReDoS protection, and preventing information disclosure1. Secure Coding in Node.js🔹 Key idea: Secure Node.js applications require strict control over execution context and defaults.🔹 Strict ModeEnables safer JavaScript executionPrevents accidental global variablesForces explicit variable declarations👉 Key Insight Strict mode reduces “silent” security bugs caused by sloppy scope handling2. HTTP Security Headers (Defense Layer)🔹 Tool: Helmet.js🔹 What it does: Automatically sets important security headers in Express apps.🔹 Key headers it manages:Content Security Policy (CSP) → blocks malicious scriptsHTTP Strict Transport Security (HSTS) → forces HTTPSXSS Protection headers → reduces injection risks👉 Key Insight Headers act as a browser-level security shield3. Secure Cookies🔹 Important flags:HttpOnlyBlocks JavaScript access to cookiesSecureEnsures cookies are only sent over HTTPS👉 Key Insight Even if XSS happens, HttpOnly cookies cannot be stolen via JS4. Regular Expression Denial of Service (ReDoS)🔹 What it is: A performance attack exploiting bad regex patterns🔹 How it works:Complex input causes exponential backtrackingCPU usage spikesServer becomes unresponsive🔹 Common risk area:Email validationInput sanitization👉 Key Insight A “valid” input can still be a computational attack5. Preventing ReDoS Attacks🔹 Strategies:Avoid overly complex regex patternsLimit input lengthUse safe validation librariesBenchmark regex performance👉 Key Insight Security includes performance safety, not just access control6. Information Disclosure Risks🔹 Problem: Attackers learn stack/framework details from responses7. Hiding Technology Fingerprints🔹 Disable default headersRemove X-Powered-ByHide framework identity🔹 Tools:Express.jsExample:Default headers reveal backend technologyRemoving them reduces attack surface visibility8. Session Cookie Hardening🔹 Risk: Default cookies like connect.sid reveal framework usage🔹 Fix:Rename cookiesCustomize session identifiers👉 Key Insight Small naming details can expose backend stack9. Custom Error Handling🔹 Problem: Default errors expose:Stack tracesFile pathsInternal logic🔹 Fix:Use production-safe error handlersReturn generic messages only👉 Key Insight Errors should help users—not attackers10. Big PictureYou are learning how to:👉 Harden Node.js applications at multiple layers 👉 Prevent CPU-based DoS attacks (ReDoS) 👉 Reduce information leakage from HTTP responses 👉 Apply production-grade security middlewareMental ModelStrict mode → secure headers → safe cookies → regex safety → hidden fingerprints → controlled errors → hardened application surface You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

    Course 39 - NodeJS Security Pentesting and Exploitation | Episode 3: Hardening Code and Preventing Attacks

About

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

You Might Also Like