What are the main jobs in cybersecurity? How can a zero-based beginner get started quickly?

Web security, Android security, binary security, industrial control security, smart hardware security and so on: each field requires different skills to get started. Web security has a relatively low barrier to entry and is the first choice for many people. Which one you choose mostly depends on your interests.

This article walks through the general learning path for network security, organized around the following questions:

  • What are the main positions in network security
  • Classification of technical directions in the security field
  • Penetration testing learning route
  • How beginners can get started quickly

1. What are the main positions in network security:

Penetration test engineer: mainly simulates a hacker's attack against the target business system.

Security operation and maintenance engineer: An organization has bought many security products, and someone has to operate and maintain them, analyze the logs and update the policies. Regularly checking the security of the business systems and checking whether there are any threats on the intranet is what the security operation and maintenance engineer does.

Emergency response engineer: When a customer's business system is attacked, the security problem has to be located quickly and the business system restored quickly, and in some cases evidence has to be collected and the incident reported to the police. (If something very valuable were stolen from your home, wouldn't you call the police?)

Graded protection assessor: Under national requirements, important business systems must be protected according to their security level. The country has now released the graded protection 2.0 standard, and systems should be built to that standard. The assessor's job is to help the customer check whether a business system meets the graded protection requirements and to have it rectified where it does not.

Security development engineer: If you work in development, you must also understand security. For example, if you are developing a web application firewall but do not understand web attacks, you are building it behind closed doors. Can it actually stop anything?

After-sales engineer: Handles after-sales service for security products, including delivery and implementation, after-sales support, product debugging and rack installation. For example, if a customer buys our firewall, we need to send someone to install and debug it; we can't leave the customer to install it alone. This is the main job content of product engineers or after-sales engineers.

Pre-sales engineer: Mainly assists sales in closing deals. Put plainly, pre-sales works alongside sales: one handles the business relationship (meals, drinks, gifts and entertaining) and the other handles the technical solution (solving the customer's pain points). The two cooperate to win the project.

Security service engineer: Many companies count penetration test engineers as security service engineers, which does no harm. Much like a waiter serving diners, a security service engineer is there to help customers do their security work. The specific content includes routine vulnerability scanning, baseline checks, penetration testing, network architecture review, risk assessment and other work. The scope of security services is very large and covers almost all of the positions above.

2. In this security field, there are two main technical directions:

  • Network Penetration Direction
  • Binary Security Direction

Network Penetration Direction

This direction matches most people's idea of a "hacker": someone who can hack mobile phones, computers, websites, servers and intranets; everything can be hacked (with authorization, of course; otherwise you are the one who ends up in trouble, and that is not on me).

This direction is relatively easy to get into at first: master some basic techniques, pick up the various ready-made tools, and you can start hacking.

However, if you want to go from script kiddie to master hacker, the further you go in this direction, the more you need to learn and master.

Binary Security Direction

This direction mainly covers software vulnerability mining, reverse engineering, and virus and Trojan analysis, and involves technologies such as operating system kernel analysis, debugging and anti-debugging, and anti-virus. Because the work constantly deals with binary data, "binary security" has over time become the collective name for this direction.

The defining trait of this direction is that you need to endure loneliness. It is not as wild and cool as network penetration; more of the time is spent in silent analysis and research.

Take vulnerability mining as an example: just learning the various attack techniques takes a lot of time. In this field, studying a single problem may take months or even years, which is definitely not something ordinary people can keep up. On top of that, success depends less on hard work than on talent.

People like the heads of Tencent's major security laboratories, well-known TK leaders in the industry, and Wu Shi have long since grasped the essence of vulnerability mining and mastered this craft. They can come up with new approaches in their dreams. But geniuses like these are really rare and beyond the reach of most people.

If programming is hard work, then binary security research is hard work Plus.

The hottest role on the market right now is the penetration engineer, which is also the dream job of many people. Next, I will go through the specific learning route for becoming a penetration engineer.

3. Penetration testing learning route

1. Basic part

The basic part needs to learn the following:

1. Computer network:

Focus on the OSI and TCP/IP models, network protocols and how network equipment works, and skim the rest.

2. Linux system and commands

Since 70% of the web servers currently on the market run on Linux, if you want to learn to penetrate web systems you must at least be very familiar with Linux, and the common commands need to be learned.

Learning suggestion: about 10% of the commands cover 90% of work scenarios. It is like office software: master the most commonly used 10% of the functions and basic daily use is no problem. If you don't know something, look it up on Du Niang. There are only 50-60 common Linux commands. Many novices try to swallow all the commands whole and then cannot remember them! That way of learning is wrong.

3. Web framework

Be familiar with the web framework. For the front end, HTML, JS and other scripting languages at a basic level are enough; the back-end PHP language is the focus. Remember not to learn the language the way a developer would. The minimum requirement for PHP is to be able to read the code; being able to write it is of course best, but not to do development, not to do development, not to do development (important things get said three times).

4. Database

You need to learn SQL syntax, using the common MySQL database to learn the corresponding database syntax. The same applies here: a working understanding of some of SQL's advanced syntax is enough, without learning it too deeply.

2. Web Security

1. Web penetration

Master the principles, exploitation, defense and other knowledge points of the 10 or more common web vulnerabilities ranked at the top by OWASP, and then pair them with practice-range exercises.

Recommended practice ranges: common ranges can be found by searching GitHub. The following are recommended: DVWA, bWAPP, upload-labs-master, SQL-lib-master, WebBug, pikachu, etc. Some are comprehensive ranges and some target specific vulnerabilities.

2. Security tool learning

At the web penetration stage you still need to master some essential tools.

The main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof, etc. These tools can be practiced against the open-source ranges above, which is enough.

Once you have practiced enough, you can go to an SRC platform and test real sites to see whether you can make a breakthrough. If bypassing a WAF is involved, you need to study WAF bypass specifically. There are not that many techniques; learn them systematically, then keep summarizing your experience to reach the next level.

3. Automated penetration

Automated penetration requires mastering one language and using it proficiently. It can be any language you are already familiar with. If you do not have a good command of one, I recommend learning Python, mainly because it is simple to learn and has many modules, which makes writing scripts and tools very convenient.

To learn Python you don't need to master many unnecessary modules or develop thousands of lines of code. You only use it to write tools and scripts, ranging from a few lines to 1-200 lines of code, far less than a developer writes. For example, the core of a simplified domain name crawler is only 1-20 lines.

Spend a few days learning Python's syntax. Readers with a coding background may be able to learn it in as little as a day, because languages have a lot in common, but the fastest way to learn a language is to write code; there is no other way. Next, try writing some common tools, such as crawlers, port detection, extraction of the core content of data packets, scanning for live hosts on the intranet, etc. You can find plenty of such code online. Then write some POC and EXP scripts and practice them on the ranges. Some readers may ask what POC and EXP are: look it up yourself, and build the good habit of doing so.

4. Code Audit

This part requires relatively strong coding ability, so if your coding is weak you can skip it at first without affecting your learning and progress on the penetration path.

But if you want to go further in web penetration, you need to be proficient in a back-end development language. PHP is recommended, because websites with a PHP back end are the most numerous. Of course, if you are also proficient in Python, ASP, Java or other languages, congratulations, you already have a good foundation.

Code audit, as the name implies, means auditing the source code of someone else's website or system and checking the system for vulnerabilities by examining the source code or the code environment (it belongs to the category of white-box testing).

So how do you learn it? The specific content of learning is listed as follows in order:

  • Master PHP's dangerous functions and security configuration
  • Become familiar with the process and methods of code audit
  • Master 1-2 code audit tools, such as seay
  • Master the common approach of auditing by function (auditing AuditDemo is recommended to build confidence)
  • Common CMS framework audit (difficult)
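
One way to start on the first item in the list above, as an added example (not from the original article or from any audit tool it names): a small Python scanner that flags calls to a starter set of risky PHP functions and raises the priority when request data appears on the same line. The function list, the `audit_php` name and the PHP sample are assumptions made for this example.

```python
import re

# Assumed starter checklist for this example; real audit checklists are longer.
DANGEROUS = {
    "eval": "code execution",
    "system": "command execution",
    "exec": "command execution",
    "shell_exec": "command execution",
    "passthru": "command execution",
    "unserialize": "object injection",
    "include": "file inclusion",
    "require": "file inclusion",
    "move_uploaded_file": "file upload",
}
# Request data reaching a sink on the same line raises the priority.
USER_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES)\b")
# Bare calls only: the lookbehind skips $exec, ->exec(, ::exec( and curl_exec(.
CALL = re.compile(
    r"(?<![\w>$:])(" + "|".join(DANGEROUS) + r")(?:_once)?\b(?=\s*[(\"'$])",
    re.IGNORECASE,
)

# Constructed PHP sample, written for this example.
SAMPLE = """<?php
// include the page the user asked for
$page = $_GET['page'];
include $page . '.php';
system('ping -c 1 ' . $_POST['host']);
$rows = $db->exec($sql);
$data = unserialize($_COOKIE['prefs']);
echo htmlspecialchars($name);
curl_exec($ch);
eval($code);
"""

def audit_php(source):
    """Return (line_no, function, risk, severity) for each flagged call."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):   # skip comment lines
            continue
        for m in CALL.finditer(code):
            name = m.group(1).lower()
            sev = "high" if USER_INPUT.search(code) else "review"
            findings.append((no, name, DANGEROUS[name], sev))
    return findings

if __name__ == "__main__":
    for no, name, risk, sev in audit_php(SAMPLE):
        print(f"line {no}: {name} ({risk}) [{sev}]")
```

Line 4 of the sample is only marked "review" even though `$page` comes from `$_GET` one line earlier: a line-based scan does not follow variables, which is the part of the audit that still has to be traced by reading the code.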

For CMS framework audit, you can go to the official sites of some CMSs, download historically vulnerable versions to audit, and use the official user manual to learn the framework. For example, ThinkPHP3.2 has some vulnerabilities, and you can try to understand the code. But remember not to dive straight into the code, because the code base of a CMS framework is fairly large; if you don't learn the framework systematically first, you will basically not understand what you are reading. In fact, it is not as difficult as you might think. If you are a developer who changed careers, congratulations, you already have a built-in advantage in code auditing.

Some readers then ask: my coding is very poor, can I skip code auditing? Code auditing is not a prerequisite for learning network security. It is best to master it, and failing to master it will not affect later study or employment, but you do need to pick one stage and practice it until you are more specialized and proficient, such as web penetration, intranet penetration or automated penetration.

3. Intranet security

Congratulations: once you have learned this far, you can basically take a job related to network security, such as penetration testing, web penetration, security services, security analysis and other positions.

If you want a wider range of job options and stronger technical competitiveness, you need to learn more about intranet penetration.

Intranet knowledge is somewhat more difficult, which has something to do with the learning materials and practice ranges currently available. The main learning content for the intranet includes: intranet information collection, domain penetration, proxy and forwarding technology, application and system privilege escalation, tool learning, anti-virus technology, APT, etc.

4. Penetration and expansion

The penetration and expansion part is also closely tied to the specific job position, and you should master as much of it as possible. It mainly includes log analysis, security hardening, emergency response, etc. The focus is still on the first three parts of this route. There is not much information on this area online, and not many well-organized books and materials; you can learn through industry technical groups or materials shared within the industry. If you have reached this step, you can basically be considered to have succeeded in getting started, and learning log analysis, security hardening and emergency response is then relatively easy.

However, many complete beginners have a weak coding foundation, and many of them get bogged down learning a language in the early stage. It is therefore recommended to learn web penetration and tools first, which is also more interesting and makes it easier to keep up motivation and enthusiasm. Content such as the PHP language, automated penetration and code auditing can be left to the end; after learning the earlier material, picking up the language is relatively easy.

I will not go into the specific learning content any further; please refer to the route above!


Origin blog.csdn.net/Y525698136/article/details/131690207