How much do you need to learn about cybersecurity?
How to get started with web security with zero foundation
Should I learn programming first or computer basics first for getting started with network security? This is a relatively controversial issue. Some people will suggest learning programming first, while others will suggest learning computer basics first. In fact, this is what you need to learn. And these are very important for learning network security. But for people with zero foundation or those who are eager to change careers, learning programming or computer foundation is difficult for them, and it takes too long.
The first stage: basic preparation 4~6 weeks
This stage is a must-learn part for all those who are preparing to enter the security industry. As the saying goes: if the foundation is not worked, the ground will shake
Stage Two: Web Penetration
Basic learning time: 1 week to 2 weeks:
① Understand the basic concepts: (SQL injection, XSS, upload, CSRF, one-sentence Trojan horse, etc.) to lay the foundation for subsequent WEB penetration testing.
② Check some web penetrations in some forums, and learn the idea of a case study. Every site is different, so the idea is the main one.
③ Learn the art of asking questions, and be good at asking questions if you don’t understand.
Time to configure the penetration environment : 3 weeks to 4 weeks:
① Understand the commonly used tools for penetration testing, such as (AWVS, SQLMAP, NMAP, BURP, Chinese kitchen knife, etc.).
② Download the backdoor-free versions of these tools and install them on your computer.
③ Understand the usage scenarios of these tools and know the basic usage. It is recommended to search on Google.
Infiltration actual operation time: about 6 weeks:
① Search for actual penetration cases on the Internet, and gain an in-depth understanding of the use of SQL injection, file upload, and parsing vulnerabilities in actual combat.
② Build a vulnerability environment test by yourself, recommend DWVA, SQLi-labs, Upload-labs, bWAPP.
③ Understand the stages of penetration testing, and what actions need to be done in each stage: such as PTES penetration testing implementation standards.
④ In-depth study of manual SQL injection, find ways to bypass waf, and make your own scripts.
⑤ Study the principle of file upload, how to truncate, double suffix spoofing (IIS, PHP), parsing exploits (IIS, Nignix, Apache), etc., refer to: upload attack framework.
⑥ Understand the principles and types of XSS formation, practice in DWVA, use a cms with XSS vulnerabilities, install security dogs, etc. for testing.
⑦ Understand a sentence Trojan horse, and try to write a dog sentence.
⑧ Research on privilege escalation under Windows and Linux, Google keywords: privilege escalation
The above is the introductory stage
Stage Three: Advanced
How can I advance after I have already started and found a job? See the picture below for details
Suggestions for beginners:
① Network security learning route
② 20 penetration testing e-books
③ 357-page notes on security attack and defense ④ 50
security
attack and defense interview guides
web security books for beginners
- "CCNA Study Guide"
- "TCP/IP Detailed Explanation Volume 1"
- "LAN Switch Security"
- "Cisco Firewall"
- "Network Security Principles and Practice"
- "Network Security Technology and Solutions"
- "Huawei Firewall Technology Talk"
- "Cisco Network Hacker Exposure"
- "Wireshark Network Analysis Actual Combat"
- "Wireshark Packet Analysis Actual Combat"
- "DDoS Attack and Defense Depth Analysis"
- "Cisco VPN Complete Configuration Guide"
- "Cisco Security Intrusion Detection System"
**Web Security/Penetration Testing Recommended Book List
- "White Hats Talk about Web Security"
- "Deep Analysis of Web Security"
- "Metaspolit Penetration Testing Demon Training Camp"
- "Web front-end security secret"
- "Web penetration testing using Kali Linux"
- "Hacking Attack and Defense Technology Collection Web Actual Combat"
- "BurpSuite Practical Guide"
- "SQL Injection Attack and Defense"
- "XSS cross-site scripting attack analysis and defense"
- "Advanced Guide to Internet Enterprise Security"
finally
In order to help you better learn about network security, the editor has prepared a set of introductory/advanced learning materials for network security for you. The contents are all notes and materials suitable for zero-based beginners. I understand, all the information is 282G in total. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Introduction to Network Security & Advanced Learning Resource Pack" for free sharing
Network security source code collection + toolkit
Network
security interview questions
The last is the network security interview questions section that everyone is most concerned about.
The total data is 282G. If you need a full set of network security introduction + advanced learning resource package, you can click to get it for free ( If you encounter problems with scanning the code, you can leave a message in the comment area to get it)~
Video supporting materials & domestic and foreign network security books and documents
