How to develop a network security engineer

1. MYSQL5.7

MySQL is the most used database today and the first choice of many enterprises, and it will continue to be promoted in the next few years.

To learn MySQL, you need to pay attention to actual operations, and understand the various technologies in MySQL step by step, so that you can apply them in practical work.

If you want to enter the network security industry, you need to master the following knowledge points to learn MySQL5.7:

1. Database creation and deletion

2. Basic operation of data table

3. Use of operators

4. Use of MySQL functions

5. Data table query operation

6. Insertion, update and deletion of records

7. Create index

8. Create stored procedures and functions

9. Physical application

10. Trigger usage

11. Comprehensive management of user permissions

12. Data backup and restoration

13. Comprehensive management of MySQL logs

14. Fully optimize the MySQL server

2. Practical knowledge of hacker attack and defense

Hacking technology is not as we imagined, it is specially used to do things. If you want to gain a foothold in the network security industry, you must know what you know and what you know.

Knowing some basic hacking knowledge will allow you to see the essence of black industry transactions. From then on, you will not pay the tax of fools, you can fight against hackers, and avoid personal privacy violations. People who understand hacking techniques are different. In their eyes , your world is more mysterious, in your eyes, this world is more exciting.

To learn hacker attack and defense, you must understand the most basic network security knowledge and basic programming knowledge. You need to be able to use the shooting range attack and defense experiment environment, and use hacking tools to conduct offensive and defensive drills.

The learning method needs to be carried out step by step from the shallower to the deeper, and it is necessary to understand the relevant principles and cultivate hacker thinking.

If you want to build a solid foundation for hacker attack and defense technology, you need to master the following knowledge points.

a. Experimental environment deployment

1. Learn to use virtual machines
2. Common Service Deployment
3. Network simulator deployment network environment
4. Build a firewall environment
5. Scenarios and usage methods of network packet capture tools

b. Hacking process

1. how to target
2. How to find bugs
3. How to create a channel
4. How to obtain value information
5. How to Remove Traces and Backdoor Planting

c. Use of hacking tools

1. port scanning tool
2. data sniffing tool
3. Trojan Maker
4. remote control tool

d. Hacking method

1. data driven attack
2. forgery attack
3. Attacks on Information Protocol Weaknesses
4. arp attack
5. seize control of the system
6. remote control
7. Common Attack Commands

e. Operating system vulnerability attack and defense

1. Recognize common vulnerabilities of the operating system
2. How to take advantage of common system vulnerabilities to initiate intrusion

f. Password attack and defense

1. Understanding Encryption and Decryption
2. Common Ways to Crack Passwords
3. How to Crack the BIOS Password
4. How to Crack the System Login Password
5. How to Crack Office Document Passwords
6. How to Crack the Password of a Compressed File
7. How to Crack Wifi Password
8. FTP server password cracking
9. QQ offensive and defensive learning
10. Email offensive and defensive learning

g. Hacker programming learning

1. Scanner writing
2. Attack programming
3. Brute force cracking program writing
4. Virus and Trojan horse programming
5. remote control programming

h. Learning and using "black and gray production" tools

1. Account tools
2. Swipe order brush volume tools
3. Second Grab Tools
4. crawling tools
5. Positioning tools

3. Python basics and introduction

The legendary Python, which is in full swing, claims to have high production efficiency, a large demand for talents, and a wide range of applications

, so many people are learning, as a person who wants to work in network security, can you not learn? With the market's demand for talent and technology, Python has become a must-know programming language, which is used in various fields and is often used to write EXP and POC scripts in the network security industry.

The following list of knowledge allows you to master the basic content of Python, which can lay a solid foundation for artificial intelligence and development, or target web crawlers, and apply the basic content in security attack and defense.

1. Python installation and use
2. Python output
3. Python input
4. IF judgment statement and condition
5. variable name definition
6. String assignment
7. Common Assignment Types
8. Properties contained in different types
9. loop statement
10. break and continue statements
11. Application of for loop
12. file object read
13. Writing to a file object
14. Module and Function Definitions
15. Function formal parameters actually participate in exception capture
16. Object-Oriented Programming
17. The crawler obtains the home page information
18. Regular expressions for reptiles
19. Reptile picture acquisition

4. SQL Injection Intensive Principle/Practical Combat/Bypass/Defense

SQL injection is a must-have weapon for network security experts. It is a must-learn item for information security enthusiasts and junior penetration testers. It inserts SQL commands into web forms to submit or enter query strings for domain names or page requests, and finally can To trick the server into executing malicious SQL commands. During the learning process, you need to master the basic principles of SQL vulnerabilities, the types of SQL injection and their respective construction and implementation methods, and understand and master SQL injection through explanations and experimental verification.

To become a network security penetration test engineer, the list of knowledge you need to master is as follows:

a. SQL Injection Vulnerability Elimination of Doubts

1. Business scenarios and hazards of SQL injection
2. What does SQL injection look like in a real website
3. Why SQL has so many categories
4. SQL injection experiment environment setup

b. Intensive lectures on SQL injection theory and practice

1. integer injection
2. Character injection (single quotes, double quotes, parentheses)
3. POST injection
4. Error injection
5. double injection
6. Boolean injection
7. time blind
8. Cookie injection
9. Referer injection
10. SQL injection to read and write files

c, SQL injection bypass skills

1. Bypass comment filter
2. Bypass and/or character filtering
3. Bypass whitespace filtering
4. Inline comment bypass
5. filter function bypass
6. wide byte injection
7. SQL injection defense

5. XSS Cross-Site Scripting Vulnerability Lecture/Principle/Practice/Defense

XSS is an essential skill for development engineers, operation and maintenance engineers, and security engineers. It needs to use theory + experiment + code analysis to learn. Understanding code, knowing how to bypass, and being able to protect are the basic goals of XSS learning. In addition, you need to use vmware

Kali virtual machine and Windows server.

a. To learn XSS, you need to determine your goals and master the following gains:

1. Find out what is XSS, XSS has several classifications, what is the basis for classification?
2. What can XSS do? Learn about cookies, click hijacking, obtaining target host information, keyloggers, intranet detection, XSS-DDoS, etc. through experiments;
3. Find out what the XSS vulnerability code is like? Read the code line by line to let you see through XSS;
4. How to bypass XSS? Nearly 20 bypass methods let you enjoy it;
5. Understand the defense methods of XSS, what are the differences between different types of XS defenses?

Finally, the list of knowledge points for learning XSS cross-site scripting is as follows:

b. Principle/harm of XSS cross-site scripting vulnerability

1. Introduction to the Principle of XSS Vulnerability
2. Introduction and Application of XSS Vulnerability Classification
3. XSS utilization method and application
4. In-depth understanding of the three classifications of XSS vulnerabilities through experiments

c. Use of XSS platform

1. XSS Platform - Open Source Project
2. XSS platform - BEEF

d. XSS code audit and bypass

1. XSS Vulnerability Environment Description
2. XSS bypass first experience
3. XSS event trigger bypass
4. XSS syntax escape
5. XSS whitelist bypass
6. HREF attribute bypass
7. XSS double write bypass
8. HTML Entity Encoding Bypass
9. special scene bypass
10. Bypass using hidden fields
11. HTTP header XSS
12. Angularjs bypass
13. Bypass using HTML syntax features
14. controllable variable bypass
15. XSS Bypass Quiz 1
16. XSS Bypass Quiz 2
17. XSS Vulnerability Defense

at last

From the perspective of the development of the times, the knowledge of network security is endless, and there will be more to learn in the future. Students must correct their attitudes. Since they choose to get started in network security, it is not just the level of entry, the stronger the ability The more opportunities there are.

Because the knowledge points in the introductory learning stage are relatively complicated, I will speak more generally. If you have any questions, you can consult me. I promise to know everything. You can also ask me for relevant information. My online disk A lot of information in it is eating ashes. Deduct 1 for the required comment area