Hot all over the Internet! A total of 327 pages of "Web Security Core Knowledge from Getting Started to Imprisonment", please take it away

Many friends say that they don't know how to enter the industry safely, and they don't know where to start learning. As a senior penetration engineer who has been in the industry for ten years, how can I let my fans not know that it is safe to enter the industry! For this reason, I opened up and sorted out the content when I first started studying (learn and learn from time to time, and consolidate it again). In addition to the theoretical study of security, you also need to apply the knowledge you have learned in the actual combat situation during the learning process, so that you can improve your skills faster and more firmly.

The " Web Security Study Notes " that I brought together today helped me win offers from Qi Anxin, Sangfor, and Anheng when I just graduated. It contains general content: computer basics, information collection, common vulnerability attack and defense, programming Language, intranet penetration, defense technology, tool resources, code audit, etc.

There are a lot of details in it. There are more than 300 pages of documents, and only some chapters can be picked out for introduction. Each small node has more detailed content! The following is the catalog of some knowledge points. Due to the space limitation of the platform, the detailed explanations on the sub-nodes cannot be fully displayed. To obtain all the detailed knowledge explanations of the following chapters, click the link below.

 

1. Introduction

• 1.1. Web Technology Evolution
• 1.1.1. Static pages
• 1.1.2. Multimedia stage
• 1.1.3. CGI stage
• 1.1.4. Ajax
• 1.1.5. MVC
• 1.1.6. RESTful
• 1.1.7. Cloud Services
• 1.1.8. Reference links
• 1.2. Evolution of Web offensive and defensive technologies
• 1.3. Security concept
• 1.3.1. The three most basic elements
• 1.3.2. Terminology

2. Basics: Computer and Network Protocols (Exhibition Part)

• 2.1. Network Basics
• 2.1.1. Composition of computer communication network
• 2.1.2. Communication protocol
• 2.1.3. OSI seven-layer model
• 2.2. UDP protocol
• 2.2.1. Main features
• 2.3. TCP protocol
• 2.3.1. Introduction
• 2.3.2. TCP state
• 2.3.3. Congestion Control
• 2.3.4. Reference links
• 2.4. DHCP protocol
• 2.4.1. Introduction
• 2.4.2. DCHP message format
• 2.4.3. Reference links
• 2.5. Routing algorithm
• 2.5.1. Introduction
• 2.5.2. Function of routing algorithm
• 2.5.3. Autonomous System AS (Autonomous System)
• 2.5.4. Two types of routing protocols
• 2.5.5. RIP
• 2.5.6. OSPF 

3. Information Collection

• • 3.1. Domain name information
  • 3.1.1. Whois
  • 3.1.2. Search Engine Search
  • 3.1.3. Third-party inquiries
  • 3.1.4. ASN information association
  • 3.1.5. Domain name correlation
  • 3.1.6. Use of website information
  • 3.1.7. Certificate Transparency
  • 3.1.8. Domain Transfer Vulnerability
  • 3.1.9. Passive DNS
  • 3.1.10. SPF record
  • 3.1.11. CDN
  • 3.1.12. Subdomain blasting
  • 3.2. Port information
  • 3.2.1. Common ports and their vulnerabilities
  • 3.2.2. Common port scanning methods
  • 3.2.3. Web services
  • 3.2.4. Batch Search
  • ...

4. Attack and defense of common vulnerabilities

• 4.1. SQL Injection
• 4.1.1. Injection classification
• 4.1.2. Injection Detection
• 4.1.3. Privilege Escalation
• 4.1.4. Database detection
• 4.1.5. Bypass techniques
• 4.1.6. SQL injection tips
• 4.1.7. CheatSheet
• 4.1.8. Reference Articles
• 4.2. XSS
• 4.2.1. Classification
• 4.2.2. Hazards
• 4.2.3. Same Origin Policy
• 4.2.4. CSP
• 4.2.5. XSS data source
• 4.2.6. Sink
• 4.2.7. XSS Protection
• 4.2.8. WAF Bypass
• 4.2.9. Techniques
• 4.2.10. Payload
• 4.2.11. Persistence
• ...

5. Language and framework

• 5.1PHP
• 5.2Python
• 5.3Java
• 5.4JavaScript
• 5.5 Golang
• 5.6Ruby
• 5.7ASP

6. Intranet penetration

• 6.1 Information Collection - Windows
• 6.2 Persistence - Windows
• 6.3 Information Collection - Linux
• 6.4 Persistence - Linux
• 6.5 Trace Cleanup
• 6.6 Comprehensive skills

 

7. Defense technology

• 7.1 Team building
• 7.2 Secure Development
• 7.3 Threat Intelligence
• 7.4ATT&CK
• 7.5 Risk Control
• 7.6 Reinforcement inspection
• 7.7 Defense Framework
• 7.8 Honeypot technology
• 7.9 Emergency Response
• 7.2 Traceability Analysis

8. Authentication mechanism

• 8.1OAuth
• 8.2JWT
• 8.3Kerberos
• 8.5SAML

 

9. Tools and Resources

• 9.1 Recommended resources
• 9.2 Related Papers
• 9.3 Information Collection
• 9.4 Social Engineering
• 9.5 Fuzz testing
• 9.6 Vulnerability Exploitation
• 9.7 Persistence
• 9.8 Defense
• 9.9 Operation and maintenance
• 9.10 Others

Manual Quick Reference

• 10.1 Blasting tools
• 10.2 Download Tool
• 10.3 Flow correlation
• 10.4 Sniffer Tools
• 10.5 Using SQLMap

11. Other

• 11.1 Code Audit
• 11.2WAF
• 11.3Unicode
• 11.4 Denial of service attack
• 11.5Docker

The 2023 new and upgraded version of "Web Security Study Notes" brought today , I hope it can be helpful to everyone!

The PDF version of this full version has also been uploaded. If you need it, friends can scan the QR code of CSDN official certification below on WeChat to get it for free [Guaranteed 100% free]