foreword
Cybersecurity, by definition, without security, is not cyber. Nowadays, the security industry is developing rapidly, we call for professional inaugural personnel and college students, and you, do you think you are qualified to be a hacker?
This article is aimed at beginners and practitioners in all information security fields. It plans a detailed network security learning route for you, and attaches high-quality learning materials, so that you can quickly become a master of network security on the increasingly complicated network security track. A monthly salary of 10k is not a dream!
1. The current situation of network security
This article is for all partners who want to get involved in the field of network security or have already been involved but are still in a confused period. If your monthly salary reaches 30,000, then please leave.
If not, I hope you continue reading, because the turning point of your life will start from this article.
Network security, a word that has become popular in recent years. At present, with the strong support of policies, the cybersecurity capabilities of important industries have been steadily improved, and hundreds of thousands of people have poured into the track.
It is no exaggeration to say that if you can enter the company in the picture, your future will be stable.
2. How about the salary of Internet Security?
Whether the network security is good or not, we don't brag, we talk about the data.
Judging from the current market situation, the employment prospects of network security are very good. According to statistics in 2022, the gap in network security majors has grown to 1.4 million, while there are only 20,000 graduates of network security majors nationwide.
The graph below shows the growth trend of the network security market in recent years:
It is estimated that by 2026, the global network security market will reach hundreds of billions of dollars, and now the gap in network security is very large!
Let's take a look at the overall salary of the Internet security industry that everyone is most concerned about:
The monthly income is 26k, nearly 27k! Leaving out housing, meals and other miscellaneous items, 20,000 net goes into our wallet every month!
❔ Does anyone think the wallet is too big? ?
The salary of security development and security engineers is higher than that of penetration testing posts, and the salary is two to three times that of those with the same education.
The average monthly salary of a network security engineer is about 13k! ! This does not include the extra money we earned from infiltration and network protection in our own name! !
More importantly, the proportion of people between 20k and 30k is the largest. What does it mean?
Explain that if we learn better than these people, will the monthly salary of 30,000 to 50,000 still be a dream? Don't you need to tie your hands and feet to spend money or is it a dream? !
If you were skeptical about the cyber security industry before seeing these pictures, I ask you to believe it now.
3. How to become a master of network security (hacker)?
As more and more people see the big cake of Internet security, if we want to eat a big piece, we must become the top of the top
However, learning network security by yourself is equivalent to flying headless chickens, not to mention wasting time and energy. During the period of your blind study, others have already left you thousands of miles away.
Now is a good time to learn about Internet security, don't waste this opportunity! ! !
So what should we do?
The following is pure dry goods, be sure to read carefully! If you can't finish reading, you can like and bookmark for subsequent digestion!
1. Detailed learning route
Self-study network security is completely useless, you will learn blindly, learn PHP first, learn tools later, resulting in poor learning, knowledge points cannot be linked together, and in the end, you will only become a CV script boy.
The following is a high-quality online security learning route. Follow this picture, and I guarantee that you will learn more with less effort, faster than anyone else:
Recommend relevant learning websites (required):
CSDN:https://www.csdn.net/
Blog Park: https://www.cnblogs.com/
Rookie tutorial: https://www.runoob.com/
Liao Xuefeng's official website: https://www.liaoxuefeng.com/
2. Forum and learning materials (necessary for learning safety)
GitHub:https://github.com/
By being on GitHub, you can get a variety of benefits such as learning resources, practical opportunities, knowledge sharing, and security reviews.
Prophet Forum: https://xz.aliyun.com/
Jumping Candy: http://tttang.com/
seebug:https://www.seebug.org/
Anquanke: https://www.anquanke.com/
Readers of websites that have not been explained above need to explore and browse by themselves. After all, knowledge must be acquired actively, not forced to you.
3. Keep up with the trend of the times and use AI as an auxiliary tool for learning.
Take ChatGPT as an example. When we encounter difficulties in the process of learning Internet security, we usually encounter various problems. When no one can help, we can get knowledge and posture through Q&A ChatGPT
The following picture shows the answer of AI when XSS injection encounters problems:
4. Participate in multiple shooting ranges in depth and read relevant safety documents.
Network security shooting ranges are designed to help users learn and understand various network security vulnerabilities and attack techniques through practical operations. For those who study network security, actual combat is very important. The following security shooting ranges are strongly recommended:
SQLi-Labs (https://github.com/Audi-1/sqli-labs): A shooting range focused on SQL injection vulnerabilities. It provides a series of challenges with different difficulty levels to help users learn and practice SQL injection techniques.
DVWA (http://www.dvwa.co.uk/): DVWA is an intentionally designed vulnerable virtual machine used to practice web application security testing. It contains multiple security vulnerabilities such as injection vulnerabilities, cross-site scripting attacks (XSS), file inclusion vulnerabilities, etc.
Hack The Box (https://www.hackthebox.eu/): A popular online platform that offers a variety of virtual machines and challenges for users to test and improve their cybersecurity skills.
VulnHub (https://www.vulnhub.com/): A community-driven range platform that provides a variety of vulnerability-specific virtual machines for users to practice penetration testing and exploits.
XSS-Game (https://github.com/cure53/XSSChallengeWiki/wiki): An open source XSS practice platform that provides multiple XSS challenges with different difficulty levels, aiming to help users learn and master XSS techniques.
TryHackMe (https://tryhackme.com/): A browser-based shooting range platform that provides virtual machines and lab environments to help users learn network security and penetration testing.
5. Get in touch with competitions and platforms such as CTF and C4 (China University Computer Competition Network Technology Challenge).
There are many well-known CTF (Capture The Flag) competitions at home and abroad, which aim to promote the learning and actual combat of network security technology.
XCTF (https://adworld.xctf.org.cn/home): An online CTF competition sponsored by China National Network Security Talent Pool, held several times a year. It is one of the largest CTF events in China, attracting many security enthusiasts and professionals.
HCTF: The offline CTF competition hosted by Hangzhou Dianzi University gathered many participating teams from universities and enterprises, providing a platform for participants to exercise and communicate.
CTFtime (https://ctftime.org/): CTFtime is a global CTF competition platform that provides competition information, rankings and resource sharing for CTF enthusiasts.
These CTF events provide a platform to learn and demonstrate cyber security technology through competition mode and practical exercises.
At the same time, there are multiple CTF practice platforms in China for safety learners to practice, including high-quality CTF competition questions over the years, etc.
BUUCTF (https://buuoj.cn/): BUUCTF is a CTF practice platform founded by Beijing Union University dedicated to collecting various CTF competition questions and classifying challenges
Bugku (https://ctf.bugku.com/): There are WEB, MISC (miscellaneous), Crypto (password), Reverse, PWN topics, and sometimes AWD reappearance competitions
In it, you can exercise your attack and defense capabilities, and learn the latest security technologies and exploit methods.
At the same time, follow me, so that you have a new understanding, new harvest, and new progress on Internet Security
Four. Summary
Network security cannot be blindly self-taught, blindly confident, and blindly arrogant! ! Only by closely following the network security learning route in this article and making full use of the information given in this article, can you truly achieve fast lane overtaking and let you quickly become a master in the field of security!
The network security industry is like a river and lake, where people of all colors gather. Compared with many decent families with solid foundations in European and American countries (understand encryption, know how to protect, can dig holes, and are good at engineering), our talents are more heretics (many white hats may not be convinced), so in the future Talent training and In terms of construction, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" that combines "business" and "data" and "automation" in order to quench the thirst for talents and truly serve the society in an all-round way. Internet provides security.