How to get started with hacking (network security): what do you need to learn?

Foreword

I have worked in network security for 5+ years at several large companies, in positions including security services, penetration test engineer, pre-sales and host defense, so I have a comprehensive understanding of this industry.

Let's get to the point: how to enter the network security industry step by step as a newcomer.

Main text

First of all, before you prepare to enter this industry, ask yourself: there are tens of thousands of jobs in the world, so why do you want to enter the security field?

Everyone may have different reasons. Maybe it is interest, and you have dreamed of being a hacker since you were young; maybe it is because the salary is relatively high. Whatever your reason, once you are ready, study hard. If you haven't already, figure out your motivations first.

Secondly, decide what you want to do and which positions you can take after learning network security.

Examples include traditional penetration test engineers, security service engineers, emergency response engineers, security development engineers, security operation and maintenance engineers, and operation and maintenance engineers.

1. How to teach yourself hacking & network security

A zero-to-beginner learning route and plan for hacking

1. Basic prerequisite knowledge

① Networking fundamentals
② Linux fundamentals

The fundamentals are very important; don't underestimate them. For any position in the Internet industry you must learn the basics first. Don't try to master everything in one go.

2. Introductory core knowledge of network security

① Understand the industry's background, prospects and staffing needs.
② Learn the laws and regulations related to network security.
③ Simple network security fundamentals

3. Web security basics

① Web application security and risk
② Web application technology
③ Building an attack and defense lab environment
④ Information gathering for penetration testing

4. Use of network security tools

① Indispensable tools for penetration testing
② Penetration testing with MSF on Kali

5. Basic knowledge of penetration testing

① SQL injection vulnerability attack and defense
② XSS vulnerability attack and defense
③ File upload validation bypass
④ File inclusion vulnerability
⑤ CSRF attack and defense
⑥ SSRF vulnerability
⑦ XXE principles, exploitation and defense
⑧ Remote code execution and deserialization vulnerabilities
⑨ Side note, cross-database, CDN bypass
⑩ Brute force guessing, etc.

Network Security Basic Tutorial Notes: https://mp.weixin.qq.com/s?__biz=MzkwNDI0MDc2Ng==&mid=2247483680&idx=1&sn=e1666c9a4a67f1222d90780a0ed619b8&chksm=c08b4a31f7fcc327deef435a30bfc550b33b5975f2bcc18dfb2ee20683da66025c68253a4c79&token=1423804057&lang=zh_CN#rd

6. Advanced penetration testing

① WAF bypass
② Webshell backdoor analysis
③ Windows/Linux privilege escalation
④ Database privilege escalation

Once you have learned this much, you can basically take a job related to network security, such as penetration testing, web penetration, security services, etc.

Not enough? You can continue to explore:

7. Code audit

① Introduction to PHP
② Function explanation
③ Java basics
④ Java code audit

8. Classified protection

① Classified protection basics
② Classified protection requirements

9. Risk assessment

① Risk assessment basics
② Risk assessment implementation

10. Security inspection

① Vulnerability scanning
② Policy inspection
Security inspection 

11. Emergency response

① Intrusion investigation
② Log analysis
③ Privilege maintenance

Epilogue

The network security industry is like the martial-arts world of rivers and lakes, where heroes from every school gather, from martial arts masters to petty thieves. Whoever you are, if you want to keep going in this world you must keep learning and improving your skills. But the premise of learning is that you know the law and abide by it: do not stray onto a crooked path, and put your skills to positive use, so as to help meet the demand for talent and truly provide security for the whole of Internet society.

Special statement:

This tutorial is purely technical sharing! Its purpose is in no way to provide any technical support for those with bad motives, nor does it assume joint and several liability arising from the misuse of technology. The purpose of this tutorial is to maximize everyone's attention to network security so that they take corresponding security measures and reduce the economic losses caused by network security problems.

Origin blog.csdn.net/Hacker0830/article/details/130170513