1. What is network security?
Network security can be classified based on the perspective of attack and defense. The "red team" and "penetration testing" we often hear are research on attack technology, while the "blue team", "security operation" and "security operation and maintenance" are research on defense technology.
Regardless of the field of network, web, mobile, desktop, cloud, etc., there are two sides of attack and defense. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be both offensive and defensive.
2. The Prospect of Network Security
There is a large demand for talents and a large market vacancy, such as the popularization of Internet of Things network applications and the popularization of 5G, etc., will increase the demand for network security positions.
In the long run, network security will only become more and more popular, and the rise of intelligent disciplines will definitely drive the development of new network security technologies.
Three future development directions of network security: network security (safety protection), cloud-native security, and the application of AI in network security (ChatGPT)
Large room for development:
Within the enterprise, network engineers are basically in a "double high" position, that is, high status and high salary. Wide range of employment, one specialty and many skills, practical experience applicable to various fields.
Great value-added potential:
Mastering the core network architecture and security technology of the enterprise has an irreplaceable competitive advantage. Career value With the enrichment of one's own experience and the maturity of project operation, the appreciation space is bullish all the way.
Long career life:
The focus of the work of network engineers is on the construction and maintenance of enterprise information, including technical and management work. The work is relatively stable. With the continuous growth of project experience and in-depth understanding of the industry background, the older you are, the more popular you will be.
Finally, I can tell you here with certainty: "Network security has good development prospects, and cutting-edge network security technologies are about to rise, or have already risen."
3. Network Security Skills Table
【Help security learning one by one, all resources one by one】
① Network security learning route
② 20 penetration testing e-books
③ 357-page security attack and defense notes
④ 50 security attack and defense interview guides
⑤ Security red team penetration toolkit
⑥ Network security essential books
⑦ 100 Vulnerability actual combat cases
⑧ internal video resources of major security companies
⑨ analysis of CTF capture the flag competition questions over the years
[——follow the automatic sending one by one]
4. There is a lot of knowledge about network security, how to arrange it scientifically and reasonably?
If you have decided to start learning network security, then I suggest you take a look at what I said below, specific to each knowledge point, the total self-study time is about half a year, and the personal test is effective (there is a surprise at the end of the article):
Phase 1: Security Basics
Network Security Industry and Regulations
Linux Operating System
Computer Network
HTML PHP Mysql Python Basic to Practical Mastery
Phase Two: Information Gathering
IP information collection
Domain name information collection
Server information collection
Web site information collection
Google hacking
Fofa network security mapping
Phase Three: Web Security
SQL Injection Vulnerability
XSS
CSRF Vulnerability
File Upload Vulnerability
File Inclusion Vulnerability
SSRF Vulnerability
XXE Vulnerability
Remote Code Execution Vulnerability Password
Brute Force Cracking and Defense
Middleware Parsing Vulnerability
Deserialization Vulnerability
Stage Four: Penetration Tools
MSF
Cobalt strike
Burp suite
Nessus Appscea AWVS
Goby XRay
Sqlmap
Nmap
Kali
The fifth stage: actual combat digging
Vulnerability mining skills
Src
Cnvd
public testing project
Popular CVE vulnerabilities reappear
Shooting range combat
Five, finally
The learning framework learning route has been fully formulated, and the next step is to follow the learning with resources.
Learning materials can be found on online platforms or major forums, but in my own experience, I feel that the materials I find are all piece by piece, and the preface does not match the postscript.
If you want to learn, I can share all my own learning notes, all knowledge points and all content, including e-books, interview questions, pdf documents, videos and related courseware notes, pay attention to the automatic sending in the background.
