Digital Storytelling ✦ Storywriter ✦ SOC Analyst Tier 2 ✦ Penetration Tester ✦ Web Developer

I’m a cybersecurity enthusiast and system-focused builder who enjoys exploring how digital systems work beneath the surface — from networks and security architecture to web technologies and creative digital projects.

CURIOSITY
SYSTEM THINKING
CYBERSECURITY
CREATIVITY
PHILOSOPHY

I’m a cybersecurity analyst and system-focused builder.

I’m driven by curiosity—understanding how technology works beneath the surface.

From networks to application logic, I explore the structure behind digital systems.

I focus on cybersecurity analysis, penetration testing, and web development.

I examine systems closely—how they’re built, where they fail, and why.

I believe the best builders are not just technical—but thoughtful.

Understanding a system matters more than just using it.

I aim to create work that reflects both logic and imagination.

Developer, Cybersecurity Enthusiast and Digital Storyteller

NAME AND LASTNAME

Edie Sibanda

EMAIL

ediesibanda0010@gmail.com

LOCATION

Zimbabwe and South Africa

CONTACTS


SA: +27 640 893 160
ZIM: +263 789 691 613

This section showcases a collection of projects and technical explorations focused on cybersecurity and system architecture. From analyzing network behavior to experimenting with security vulnerabilities, each project represents hands-on learning.
This section outlines the tools and lab environments I use to analyse systems, perform security testing, and study how vulnerabilities emerge in controlled conditions.
01
Kali Linux
Primary security testing environment
02
Parrot OS
Alternative penetration testing platform
03
Windows
Testing and compatibility analysis
04
Ubuntu Server
Lab-based server simulations
01
Nmap
Network scanning and service enumeration.
02
Netcat
Manual connection testing and interaction
03
Wireshark
Packet-level network traffic analysis
04
tcpdump
Command-line packet inspection
01
Burp Suite
Intercepting and analyzing HTTP requests
02
Curl
Crafting and testing HTTP requests manually
03
Gobuster
Directory and endpoint discovery
04
Ffuf
Testing to discover hidden or unintended parts of a system
05
SQLmap
To detect and exploit SQL injection vulnerabilities in web applications
01
Metasploit framework
Vulnerability testing in lab environments
02
Searchsploit
Vulnerability research and exploit references
03
Hydra
Authentication testing in controlled environments
01
Python
Scripting and automation
02
Bash
Command-line workflow and task automation
03
Git
Version control and project tracking
04
VS Code
Development and documentation
01
Oracle VirtualBox
Isolated virtual environments
02
Metasploitable
Vulnerable system analysis
03
DVWA
Web vulnerability testing
04
OWASP Juice Shop
Modern web application security testing
05
TryHackMe
Build foundational knowledge and guided skills for learning concepts and techniques.
06
HackTheBox
Practice independent problem-solving and simulate real-world attack scenarios.
These projects showcase my approach to cybersecurity through hands-on exploration, strategic analysis, and problem-solving. Each project focuses on understanding systems from the ground up — identifying entry points, analyzing vulnerabilities, and observing system behavior — while emphasizing responsible methodology and real-world application.
01
title
Origin Server Exposure vs CDN
Analysis of exposure, security, and attack surface.
02
overview
CDN Protection Layers
Learn how CDNs shield origin servers from attacks.
03
analysis
Network Defense Systems
Firewalls, DMZ, and modern infrastructure security.
This section focuses on understanding how web applications communicate, process input, and manage user sessions, and how these behaviors impact security.
01
HTTP Communication Model

Web applications rely on HTTP/HTTPS for communication between client and server.

Each interaction follows a request–response cycle that defines how data is exchanged.

Methods like GET and POST determine how information is requested or submitted.

Understanding this model is essential for analyzing application behavior.

02
Request Components & Behavior

HTTP requests contain headers, parameters, and sometimes cookies that shape server interaction.

Headers can reveal technologies, policies, and server configurations.

Modifying request components can change how the application responds.

This helps in understanding logic and uncovering hidden behavior.

03
Authentication & Session Management

Authentication systems validate user identity through credentials submitted to the server.

Once verified, the server creates a session to maintain the user’s state.

Session tokens or cookies are used to persist authentication across requests.

Understanding session handling is key to analyzing access control mechanisms.

04
Surface Mapping (Enumeration)

Web applications expose multiple endpoints such as directories, APIs, and hidden routes.

Identifying these expands the visible attack surface of the application.

Enumeration helps reveal functionality not immediately visible on the interface.

This process forms the foundation for deeper security analysis.

05
Input Handling & Risk Areas

Web applications process user input through forms, parameters, and request bodies.

Improper handling of this input can lead to unexpected behavior or vulnerabilities.

Validating and sanitizing input is critical for maintaining security.

Understanding this helps identify areas where applications may be at risk.

06
Server Response Behavior

Server responses include status codes, headers, and content that reflect backend behavior.

Different responses can indicate access control, errors, or misconfigurations.

Analyzing these responses helps in understanding how the system processes requests.

It also provides insight into potential weaknesses in the application.
Review My Reports
This section showcases a collection of my cybersecurity write-ups, where I document and analyze real-world vulnerabilities and hands-on security challenges.
01
SQL Injection via Product Category Filter
The application is vulnerable to SQL injection in the product category filter parameter. By manipulating the category parameter, it is possible to perform a UNION-based SQL injection.
02
Blind OS Command Injection Leading to Remote Command Execution
User-controlled input is passed into a backend shell command without proper sanitization, allowing arbitrary command execution.
03
Authentication Bypass via Improper Session Enforcement
The application allows users to access protected account functionality before completing the second authentication factor, by directly requesting the account using the session cookie issued after primary authentication.
04
Horizontal Privilege Escalation via GUID-Based User ID
While exploring the user account pages, I found that the application allows users to access other users’ account data by manipulating a user ID parameter.
05
Directory Traversal Vulnerability Allowing Access to Sensitive Files
The application is vulnerable to directory traversal via a user-controlled file path parameter. I can manipulate the file path to access files that are not intended to be accessed. This allows unauthorized reading of sensitive system files.

NAME

Edie Sibanda
Email: ettnemxfacami671@gmail.com
Open to Work

Location

  • South Africa
  • Zimbabwe

Contact Me

  • +27 638 327 2627
  • +263 78 969 1613
