Introduction to network security learning route, CSDN is the most complete! It is recommended to collect!

News 2023-06-11 20:10:35 views: null

foreword

The cybersecurity industry is becoming more and more popular, so I am full of curiosity about this field. But I'm also a complete layman, how hard is it to learn cybersecurity from scratch? The following is a summary of my experience.

Phase One: Getting Started My first step was to find a primer on cybersecurity. Recommend "Hacking Attack and Defense Technology Collection: Talking about Network Security", this book covers many basic concepts.

The second stage: building a knowledge system I was only interested in network security at the beginning, and I didn't even understand the basics of computers. It is recommended to invest time in learning basic courses such as operating systems, programming languages, computer networks, and databases to help you establish a knowledge system in the field of network security.

Phase 3: Learning Attack Techniques This is my favorite! Learning hacking techniques is at the core of learning in the field of cybersecurity. The process of learning techniques related to hacking can be divided into three stages:

1. Familiar with basic port scanning and vulnerability scanning tools.

2. Master web attack technology. Learn about XSS, SQL injection, CSRF, and more.

3. Master other attack types. Such as social engineering, DDoS, reverse engineering, etc. At this point, you might as well participate in some CTF competitions to practice.

Phase Four: Security Testing You also need to be familiar with modern applications and development patterns. Master the latest in web application technologies, RESTful APIs, website performance testing, security audits, and more. At the same time, learn to use modern security tools (such as vulnerability scanners , intrusion detection systems , etc.).

The fifth stage: keep up with the development of the industry The field of network security is very broad. There are security, penetration testing , emergency response and many other fields. If you want to go deep into this field, you need to choose a more professional direction. Keep up with the development of the industry and continue to learn higher-level knowledge.

Then, next, I will tell you how to get started with web security if you are engaged in the above real zero-based

Should I learn programming first or computer basics first for getting started with network security? This is a relatively controversial issue. Some people will suggest learning programming first, while others will suggest learning computer basics first. In fact, this is what you need to learn. And these are very important for learning network security. But for people with zero foundation or those who are eager to change careers, learning programming or computer foundation is difficult for them, and it takes too long.

How to get started?

Let's get down to the specific technical points, the network security learning route, the overall learning time is about half a year, depending on each person's situation.

If you refine the content you need to learn every week to this level, you still worry that you won’t be able to learn it, and you won’t be able to get started. In fact, you have learned it for two months, but you have to learn from east to west, what? The content is just a taste, and I haven't gone deep into it, so I have the feeling that I can't get into the door after studying for 2 months.

1. Concepts related to web security (2 weeks)

  • Familiar with basic concepts (SQL injection, upload, XSS, CSRF, one-word Trojan horse, etc.);
  • Google/SecWiki through keywords (SQL injection, upload, XSS, CSRF, one-word Trojan horse, etc.);
  • Read "Mastering Script Hackers", although it is very old and has errors, it is still possible to get started;
  • Watch some infiltration notes/videos to understand the whole process of actual infiltration, you can Google (infiltration notes, infiltration process, intrusion process, etc.);

2. Familiar with penetration related tools (3 weeks)

  • Familiar with the use of AWVS, sqlmap, Burp, nessus, chopper, nmap, Appscan and other related tools;
  • To understand the purpose and usage scenarios of such tools, first use the software name Google/SecWiki;
  • Download the backdoor-free versions of these software for installation;
  • Learn and use, specific teaching materials can be searched on SecWiki, for example: Brup's tutorial, sqlmap;
  • Once you have learned these commonly used software, you can install Sonic Start to make a penetration toolbox;

3. Infiltration combat operation (5 weeks)

Master the entire stages of penetration and be able to independently penetrate small sites. Look for infiltration videos on the Internet to watch and think about the ideas and principles, keywords (infiltration, SQL injection videos, file upload intrusion, database backup , dedecms exploits, etc.);

  • Find a site/build a test environment for testing by yourself, remember to hide yourself;
  • Thinking penetration is mainly divided into several stages, and what work needs to be done in each stage;
  • Study the types of SQL injection, injection principles, and manual injection techniques;
  • Research the principle of file upload, how to truncate, double suffix spoofing (IIS, PHP), parsing exploits (IIS, Nignix, Apache), etc.;
  • Study the principles and types of XSS formation, the specific learning method can be Google/SecWiki;
  • Study the method and specific use of Windows/Linux privilege escalation;

4. Pay attention to the dynamics of the security circle (1 week)

  • Pay attention to the latest vulnerabilities, security incidents and technical articles in the security circle;
  • Browse daily security technology articles/events through SecWiki;
  • Pay attention to practitioners in the security circle through Weibo/twitter (if you encounter a big cow’s attention or a friend’s decisive attention), take time to check it every day;
  • Subscribe to domestic and foreign security technology blogs through feedly/fresh fruit (not limited to domestic, usually pay more attention to accumulation), if you don't have a feed, you can look at the aggregation column of SecWiki;
  • Cultivate the habit of actively submitting security technical articles to link to SecWiki every day for accumulation;
  • Pay more attention to the latest list of vulnerabilities, and recommend a few: exploit-db, CVE Chinese library, Wooyun, etc., and practice when encountering public vulnerabilities.
  • Follow the topics or videos of domestic and international security conferences, and recommend SecWiki-Conference;

5. Familiar with Windows/Kali Linux (3 weeks)

  • Learn Windows/Kali Linux basic commands and common tools;
  • Familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill
  • wait;
  • Familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
  • Familiar with common tools under the Kali Linux system, you can refer to SecWiki "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
  • Familiar with metasploit tools, you can refer to SecWiki, "Metasploit Penetration Testing Guide";

6. Server security configuration (3 weeks)

  • Learn server environment configuration, and be able to discover security problems in configuration through thinking;
  • IIS configuration under Windows2003/2008 environment, pay special attention to configuration security and operation permissions;
  • The security configuration of LAMP in the Linux environment mainly considers running permissions, cross-directory, folder permissions, etc.;
  • Remote system reinforcement, restrict user name and password login, and restrict ports through iptables;
  • Configure software Waf to strengthen system security, and configure mod_security and other systems on the server;
  • Use Nessus software to perform security detection on the configuration environment and discover unknown security threats;

7. Script programming learning (4 weeks)

  • Choose one of the scripting languages ​​Perl/Python/PHP/Go/Java to learn programming of commonly used libraries;
  • Build a development environment and choose an IDE. The PHP environment recommends Wamp and XAMPP, and the IDE strongly recommends Sublime;
  • Python programming learning, learning content includes: grammar, regularization, files, network, multi-threading and other common libraries, recommend "Python Core Programming", don't read it;
  • Write the exploit of the vulnerability in Python, and then write a simple web crawler ;
  • Learn PHP basic grammar and write a simple blog system , see "PHP and MySQL Programming (4th Edition)", video;
  • Familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional);
  • Understand Bootstrap's layout or CSS;

8. Source code audit and vulnerability analysis (3 weeks)

  • It can independently analyze script source code programs and find security problems.
  • Familiar with the dynamic and static methods of source code audit, and know how to analyze the program;
  • Find and analyze the vulnerabilities of open source programs from Wooyun and try to analyze them yourself;
  • Understand the causes of web vulnerabilities, and then search and analyze them through keywords;
  • Study the formation principles of web vulnerabilities and how to avoid such vulnerabilities from the source code level, and organize them into a checklist.

9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward some security suggestions or system architecture.
  • Develop some practical security gadgets and open source to reflect personal strength;
  • Establish your own security system and have your own understanding and opinions on company security;
  • Propose or join the architecture or development of large security systems;
  • Here you can refer to the following growth roadmap:

Here you can refer to the following growth roadmap:

 

at last

In order to help you better learn about network security, the editor has prepared a set of introductory/advanced learning materials for network security for you. The contents are all notes and materials suitable for zero-based beginners. I understand, all the information is 282G in total. If you need a full set of network security introduction + advanced learning resource package, please leave a message in the comment area!

Network security source code collection + toolkit

Cyber ​​Security Interview Questions

Finally, there is the network security interview question section that everyone is most concerned about.

Guess you like

Origin blog.csdn.net/2301_77157449/article/details/130888802
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com