What is the learning path of network security?

Among the many high-level learning-route guides out there, this one tries to be a breath of fresh air: it explains everything that needs explaining, namely what to learn and how far to take each topic before moving on to the next stage. These are the most important things.

Before you start, make a systematic study plan:

1. Among the positions currently in mainstream market demand, choose the direction that you think you can learn now and that interests you most. If you are starting network security from zero, I personally recommend getting started with Web penetration. Compared with pwn, Web penetration has more tools, and it is easy for newbies to get started.

2. Once the direction is chosen, go through the relevant job requirements on recruitment websites, tally them, and make a rough record of what you need to learn.

3. Plan module by module: the time you will spend on each module and the approximate goal to reach.

4. List the learning mistakes you are likely to make and your plan for dealing with each.

Enough preamble; here is the specific learning route, for reference only:

1. Basic part
The basic part covers the following:

1. Computer network:

Focus on the OSI and TCP/IP models, network protocols, and how network equipment works; skim the rest.

2. Linux system and commands:

Since 70% of the web servers currently on the market run Linux, anyone who wants to learn to penetrate web systems must at least be very familiar with Linux and needs to learn the common operating commands.

Learning suggestion: about 10% of the commands cover 90% of work scenarios. It is like office software: master the most commonly used 10% of the functions and basic daily use is no problem. When you do not know something, look it up on Baidu. There are only 50-60 common Linux commands. Many novices try to swallow all the commands whole and then cannot remember them! This way of learning is wrong.

3. Web framework:

Be familiar with how the web framework fits together. For the front end, HTML, JS and other scripting languages at a basic level are enough; the back-end PHP language is the focus. Remember not to learn the language with a developer's mindset: the minimum requirement for PHP is to be able to read the code, and being able to write it is of course best. But this is not development, not development, not development; important things are said three times.

4. Database:

You need to learn SQL syntax, using the common database MySQL to learn the corresponding database syntax. Likewise, an understanding of some of SQL's advanced syntax is enough; do not go too deep.

2. Web Security
1. Web Penetration

Master the principles, exploitation, defense and other knowledge points of the 10-plus common web vulnerabilities ranked at the top by OWASP, and pair them with exercises on a practice range. Some beginners may ask where to find material: I recommend buying a reasonably authoritative book, studying it systematically alongside free videos on the Internet, and then using an open-source practice range for hands-on practice.

Recommended book: White hats talk about Web security

There are many videos on the Internet about getting started with network security, but most of them focus on theory and lack hands-on practice. For beginners they are obscure and hard to follow, and there is no one to ask when something is unclear. I personally recommend the following set of videos. The content is easy to understand, and each course includes practice-range exercises. That way the theory is confirmed in practice, understanding deepens, and you keep extending what you learn at the same time, which is very helpful for newcomers.

2. Tool learning

At the web penetration stage, you also need to master some essential tools.

The main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, the proxy tool ssrs, hydra, medusa, airspoof, etc. All of these can be practiced on the open-source practice range mentioned above, which is enough.

Once you have practiced enough, you can go to an SRC platform and test real sites there to see whether you can make a breakthrough. If bypassing a WAF is involved, you need to study WAF bypass specifically. There are not many techniques; learn them systematically, then keep summarizing your experience to reach the next level.

3. Automated penetration

Automated penetration requires mastering one language and using it proficiently. It can be any language you already know. If you do not have a good command of one, I recommend learning Python, mainly because it is simple to learn and has many modules, which makes it very convenient for writing scripts and tools.

To learn Python you do not need to master many unnecessary modules, and you do not need to develop thousands of lines of code. You only use it to write tools and scripts, ranging from a few lines to 1-200 lines, far less code than a developer writes. For example, the core code of a simplified domain name crawler is only 1-20 lines.

Learning suggestion: learn Python's syntax in a few days. Those with a coding background may manage it in as little as one day, because languages have a lot in common. But the fastest way to learn a language is to write code; there is no other way. Next, try writing some common tools, such as crawlers, port detection, extraction of the core content of data packets, intranet active host scanning, and so on. You can find plenty of such code online. Then write some POC and EXP scripts and practice with them on the practice range.

4. Code Audit

The content here requires relatively strong coding ability, so if your coding is weak you can skip this part for now without affecting your learning and development on the penetration path.

But if you want to go further in Web penetration, you need to be proficient in a back-end development language. PHP is recommended, because websites with a PHP back end are the most numerous. Of course, if you are also proficient in Python, ASP, Java or other languages, congratulations, you already have a good foundation.

Code audit, as the name implies, means auditing the source code of other people's websites or systems: checking the system for vulnerabilities by auditing the source code or the code environment (this belongs to the category of white-box testing).

So how do you learn it? The specific content to learn is listed below in order:

Master some dangerous functions and security configurations of PHP
Become familiar with the process and methods of code auditing
Master 1-2 code auditing tools, such as seay, etc.
Master common functional auditing methods (I recommend auditing AuditDemo, which will give you confidence)
Audit common CMS frameworks (high difficulty)

Code auditing is not a prerequisite for learning network security. It is best to master it, but failing to master it will not affect your later study or employment. You do, however, need to pick one stage and practice it until you are more specialized and proficient, such as web penetration, intranet penetration, or automated penetration.

3. Intranet security
If you have learned everything up to this point, you can basically work in a job related to network security, such as penetration testing, web penetration, security services, security analysis, etc.

If you want a wider range of employment options and a stronger technical edge, you need to learn more about intranet penetration.

Intranet knowledge is slightly more difficult, which has something to do with the learning materials and practice ranges currently on the market. The main intranet learning content includes: intranet information collection, domain penetration, proxy and forwarding technology, application and system privilege escalation, tool learning, anti-virus technology, APT, etc.

4. Penetration expansion
The penetration expansion part is also closely tied to the specific job position, and you should master as much of it as possible. It mainly includes log analysis, security reinforcement, emergency response, and other security evaluations, with the focus on the first three. There is not much material on this online, and there are not many well-organized books or resources. You can learn from industry technical groups or from materials shared within the industry. If you get this far, you have basically succeeded in getting started. Log analysis, security reinforcement and emergency response are also relatively easy to learn.

In addition, for those whose coding ability is very weak or nonexistent, and for others with a weak foundation, it is recommended to learn Web penetration and tools first, and then learn programming.

Novices usually have a weak coding foundation, and many get stuck on learning a language in the early stage. So it is recommended to learn web penetration and tools first, which is also more interesting and makes it easier to stay motivated and enthusiastic.

Learn the basics first: Linux, computer networks, a little about web frameworks, and databases.

Content such as the PHP language, automated penetration and code auditing can be left until the end. Once you have learned the earlier material, learning the language is relatively easy.

Beginners can refer to the following growth roadmap:

I have also compiled some network security study materials:

1. Objectives of the learning phase

2. Supporting video tutorial

3. Interview questions

4. Source code & installation package

Origin blog.csdn.net/2301_77147728/article/details/130880933