Learning network security is a very challenging skill. When you learn network security by yourself, you often encounter various problems, which leads to confusion. Faced with this situation, solving the source problem is the key. Therefore, in the following discussion, we will first analyze the common problems of learning network security and provide solutions for everyone. Finally, three learning paths suitable for different groups of people will be introduced. I believe you will benefit a lot. The following are common problems and corresponding solutions:
The learning materials for web penetration are extensive and relatively easy to grasp, but the materials for intranet penetration are relatively scarce and require more accumulation of practical experience. Therefore, learning intranet penetration is more difficult.
In response to these problems, we suggest that you adjust your learning direction according to your own characteristics. The following are the learning paths for three different learning groups:
Beginners: You can start with web penetration and learn basic knowledge such as processes, tools, and vulnerabilities.
Students who already have the basics of web security: can gradually go deep into the direction of intranet security, understand attack methods and how to find loopholes, and at the same time continue to practice to accumulate practical experience.
Students with certain practical experience: You can try to do some real projects, or join some CTF teams, and realize the advancement of skills by communicating with other experts.
Let me talk about the first method first: learn programming first, then learn Web penetration and tool usage, etc.
Applicable people: small partners with a certain code foundation
1. Basic part The basic part needs to learn the following content
computer network:
Focus on learning OSI, TCP/IP model, network protocol, working principle of network equipment, etc., and quickly read through other content;
Linux system and commands:
Since 70% of the web servers currently on the market run on the Linux system, if you want to learn to infiltrate the web system, you must at least be very familiar with the linux system, and you need to learn common operating commands; learning suggestions: learn about 10% of the common ones The commands are applicable to 90% of work scenarios. Like office software, you can master 10% of the most commonly used functions. There is no problem with basic daily use. 60, a lot of novices learn all kinds of commands, and find that they can't remember! ! ! ! This method of learning is also wrong;
Web framework:
Familiar with the content of the web framework, the front-end HTML, JS and other scripting languages are enough, and the back-end PHP language is the focus of learning, remember not to learn the language according to the development idea, the minimum requirement for PHP is to be able to read the code, of course, it is best to write, But not development, but not development, but not development, important things are said three times;
database:
You need to learn SQL syntax, and use the common database MySQL to learn the corresponding database syntax. The same is true. You can understand some advanced syntax of SQL. learn too deeply;
From the perspective of the development of the times, the knowledge of network security is endless, and there will be more to learn in the future. Students must correct their attitudes. Since they choose to get started in network security, it is not just the level of entry, the stronger the ability The more opportunities there are. There are a lot of tools to use in the introductory learning stage. There are related tools related to network security in Duoyu browser that can be used online. If you need it, you can download and check it yourself.
