There must be a clear learning route first! Then, from the shallower to the deeper, step by step, you can get all the skills of network security. There is no need to grasp all of them. Once you have determined a direction, you can start
For Xiaobai who is new to network security, whether it is self-study or class, there is a major prerequisite, which is to master the basic knowledge of security.
Because network security involves a wide range of knowledge, many terms, and a lot of theoretical knowledge, we need to devote a lot of time and energy to study and master the basic knowledge of network security, security concepts and definitions, common security standards, etc.
The following books (with video reading effect are the best) should be read at least once. At first you may feel that the theoretical part is in the clouds, but if you stick to it, you will find that in the future study, this part Accumulation is very important.
Here I recommend 2 books: "Computer System Security", "Introduction to Computer Network Security", "In-depth Analysis of Web Security", "150 Commands of Network Security Linux System"
After mastering the necessary theory, it is time to start learning skills. Combining specific skills with previous theories, you will feel enlightened.
【Help safe learning one by one, where all resources can be obtained one by one】
①Network security learning route
②20 penetration testing e -books ③357
pages of notes on security attack and defense ④50
interview guides on security attack and defense CTF capture the flag problem analysis
This part of the study mainly includes: computer programming language, protocol layer security.
Learn about the programs in the computer first. A program written in a primary language will be compiled into machine language and executed in the CPU, such as Visual C++. Because there is a one-to-one correspondence between machine language and assembly language.
Therefore, machine language can be converted into assembly language, a process called disassembly. The assembly language may be more readable, so that the program flow can be analyzed and its functions can be analyzed. This process is decryption (commonly known as cracking). The basis of decryption is based on the assembly language level, so friends who want to get involved in this field must learn assembly language.
Protocol layer security Protocol layer security mainly involves content related to the TCP/IP layered model, including the working principles and characteristics of common protocols, defects, protection or alternative measures, and so on. There are many reasons for systematically learning about TCP/IP. To properly implement firewall filtering, security administrators must have a deep understanding of the IP layer of TCP/IP and the TCP/UDP layer. Hackers often use a part of the TCP/IP stack to destroy network security, etc. So you must also clearly understand these contents.
Reference: "TCP-IP Detailed Explanation Volume 1: Protocol" (included in the opening book)
Once you have mastered the above basic knowledge and skills, you will no longer be a novice in network security. The next stage of study will make you a master in network security, understand theories by analogy, and be familiar with technology.
The first stage (must learn)
★Network Security Law of the People's Republic of China (including 18 knowledge points)
★Linux operating system (including 16 knowledge points)
★Computer network (including 12 knowledge points)
★SHELL (including 14 knowledge points)
★HTML/CSS (including 44 knowledge points)
★JavaScript (contains 41 knowledge points)
★Introduction to PHP (contains 12 knowledge points)
★MySQL database (contains 30 knowledge points)
★Python (contains 18 knowledge points)
Among them, the python part needs to master the following content to reach the junior and intermediate level
The second stage (must master)
■[Penetration and defense] of SQL injection (including 36 knowledge points)
■XSS related penetration and defense (including 12 knowledge points)
■Upload verification penetration and defense (including 16 knowledge points)
■|The file contains penetration and defense ( Contains 12 knowledge points)
■ CSRF penetration and defense (contains 7 knowledge points)
■ SSRF penetration and defense (contains 6 knowledge points)
■ XXE penetration and defense (contains 5 knowledge points)
■ Remote code execution penetration and defense ( Contains 7 knowledge points)
■… (contains... knowledge points)
the second stage
Phase III (Safety Management)
★ Penetration report writing (including 21 knowledge points)
★ Level protection 2.0 (including 50 knowledge points)
★ Emergency response (including 5 knowledge points)
★ Code audit (including 8 knowledge points)
★ Risk assessment (including 11 knowledge points) points)
★Security inspection (including 12 knowledge points)
★Data security (including 25 knowledge points)
Phase Four (Ascension Phase)
■Cryptography (including 34 knowledge points)
■Introduction to JavaSE (including 92 knowledge points)
■C language (including 140 knowledge points)
■C++ language (including 181 knowledge points)
■Windows reverse engineering (including 46 knowledge points)
■CTF capture the flag (including 36 knowledge points)
■Android reverse engineering (including 40 knowledge points)
But in the process of self-learning network security, it is difficult to solve two points:
1. It is difficult for you to have a real environment for practical operations, which is out of reach of ordinary people, let alone telecom-grade products and equipment;
2. The learning process It is difficult for you to get the items in it. At most, you can find some virtual or outdated ones on the Internet, and the actual effect is not great.
Fortunately, you are still young, interest is the best teacher, everything depends on human effort, all difficulties can be overcome as long as you think about it. Now that I've decided to go this way, let's start first, come on!
finally
In order to help you better learn about network security, the editor has prepared a set of introductory/advanced learning materials for network security for you. The contents are all notes and materials suitable for zero-based beginners. I understand, all the information is 282G in total. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Introduction to Network Security & Advanced Learning Resource Pack" for free sharing
Network security source code collection + toolkit
Network
security interview questions
The last is the network security interview questions section that everyone is most concerned about.
The total data is 282G. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free ( If you encounter problems with scanning the code, you can leave a message in the comment area to get it)~
Video supporting materials & domestic and foreign network security books and documents
