If you are also planning to step into the network security industry, bookmarking this article is enough (60 GB of network security material for free)

Network security is not difficult, and getting started with it is even easier! Don't be fooled by its mysterious coat.

As long as you listen to my explanation carefully, I can't guarantee you will become a master, but however poor your learning ability is, you can still reach entry level.

---------------------------------------------------------

Speaking of network security, some people may be unfamiliar with it, so I will use another word to describe it: hacker (though it is not quite appropriate).

But not all hackers do bad things; there are many categories, such as the following:

White hat hackers: White hats are the core people engaged in computer and network security research and maintenance at large companies or in national security. They simulate hackers' attack methods in order to defend against the threats those attacks bring, and play a pivotal role in network information security.

Black hat hackers: Black hats specialize in researching vulnerabilities, viruses and Trojan horses that can be used to attack networks, in order to attack computers, networks and servers, causing information loss and network paralysis.

Red hat hackers: Red hats are different from white hats and black hats in that they are not restricted. They often study whatever interests them and use their own defensive and offensive methods to maintain computer or network information security.

Script kiddies: Script kiddies are mainly people who are good at using hacking tools but cannot program themselves.

The first generation of hackers: The term comes from the English word "hacker", and in the early days of the American computer industry it was a term of praise. They were all high-level computer experts, especially programmers, so it can be regarded as a general term.

Hacker/cracker: The Chinese term is a transliteration of "Cracker", meaning "breaker". Crackers engage in malicious cracking of commercial software, malicious intrusion into other people's websites, and so on. The word is nearly synonymous with hacker: in essence both refer to people who break into computer systems or software. There is no very clear line between "hacker" and "cracker", and as the meanings of the two have blurred, the distinction has become less important to the public.

Generally speaking, this is a group of people who like to study technology, and we cannot tar them all with the same brush.

Well, let's get back to the topic and the main theme of this article: where should a beginner with zero foundation start learning network security (white hat hacking)?

Before starting to learn, we must first understand how network security positions are classified, because the learning paths and methods differ from position to position.

We will not list emerging roles, only the traditional security positions: security product engineer (or after-sales engineer), security consultant (pre-sales engineer), penetration test engineer, sales, security development engineer, security operation and maintenance engineer, emergency response engineer, graded protection assessor, security service engineer. In general there are roughly this many positions; other niche positions will not be listed one by one.

General job content or responsibilities of security positions

After-sales engineer: after-sales service for security products, including delivery and implementation of security products, after-sales support, product debugging and deployment. For example, if a customer buys our firewall, we need to send someone to install and debug it; we can't let the customer install it himself. This is the main job content of product engineers or after-sales engineers.

Pre-sales engineer: Mainly assists sales in closing the deal. To put it plainly, it is to work alongside sales: one handles the business relationship (eating, drinking, giving gifts and entertaining guests) and the other handles the technical solution (solving the customer's pain points). The two cooperate to win the project.

Penetration test engineer: This position is the dream of most people, and the place to show your personal skills. It mainly involves simulating hackers to attack the target business system. Let's stop there.

Sales: No more details. I guess you young people don't care much, but when you grow up you will find out how naive your previous understanding of sales was.

Security development engineer: Well, if you are engaged in development, you must also understand security. For example, if you develop a web application firewall but don't even understand web attacks, how can you develop it behind closed doors? Can it actually stop anything?

Security operation and maintenance engineer: An organization has purchased so many security products, and someone must operate and maintain them, analyze the logs and update the policies, regularly check the security of the business systems, and check whether there are any threats on the intranet. This is what the security operation and maintenance engineer does.

Emergency response engineer: When a customer's business system is attacked, it is necessary to quickly locate the security problem and quickly restore the business system, and sometimes even to collect evidence and report to the police. (If something of high value is stolen from your home, wouldn't you call the police? Why are you so surprised?)

Graded protection assessor: According to national requirements, important business systems must be protected according to their security level. At present the country has released the Graded Protection 2.0 standard, and construction should be carried out according to it. The job of the graded protection assessor is to help customers check whether the business system meets the graded protection requirements, and to rectify it immediately if it does not.

Security service engineer: Many companies classify penetration test engineers as security service engineers, which does no harm. Put plainly, security services means helping customers do their security work. The specific content includes common vulnerability scanning, baseline checks, penetration testing, network architecture review, risk assessment and other work. The scope of security services is very broad, covering almost all the positions above.

Having listed so many positions, let's kick out sales and development (most young people don't care about these two) and divide the rest. In fact there are three directions: the security product direction, the security operations and data analysis direction, and the security attack-and-defense and emergency response direction. Besides these, there is one more direction not listed: security management. Don't worry, young man, you won't be able to use this direction for a while. Which company would foolishly ask a newbie to do security management?

Across all industries, there has never been a manager recruited directly from graduates. If there is, please remember to contact me; I have several cousins who will graduate from college soon, and I will have them apply.

So here comes the question: is the learning content of these three directions the same?

Obviously not, otherwise why bother dividing into directions at all? It is the same as splitting into liberal arts and science in high school back then. Why divide? Because there is too much content, and different people are good at different things. There is so much to learn and so little time, so either compress the content or lengthen the time. Back to the point: what skills do these three directions need in actual work?

Security product direction: understand the products, such as firewalls, internet behavior management, intrusion detection/prevention, network gap devices (gatekeepers), VPN, database auditing, bastion hosts, anti-denial-of-service, cloud protection products, antivirus, network access control, web application firewalls, virtualization security products and more.

Security operations and data analysis direction: security services, security assessment, risk assessment, graded protection, ISO 27000, log analysis, threat analysis, SOC operations, etc.

Security attack-and-defense and emergency response direction: web attack and defense, system attack and defense, intranet penetration, emergency response, code audit, mobile APK monitoring, industrial control system security testing, etc.

Security product direction: Products are deployed on the network, so to get started with products you must first get a grounding in networking (Cisco, Huawei and H3C are all fine). Second, you need to configure security policies, so you need to understand basic security knowledge and principles. To sum up, getting started with security products requires a network foundation + basic attack and defense.

Security operations and data analysis direction: You need to operate the business systems, so you need to know whether the security configuration of important business systems meets the requirements, to understand operating systems (Windows, Linux), middleware and databases, and to understand national policy requirements. Since it involves security threat analysis, you must understand basic security knowledge and principles, and ideally be able to verify vulnerabilities. To sum up, the entry requirements for the security operations and data analysis direction are: operating system + middleware configuration + database configuration + basic attack and defense.

Security attack-and-defense and emergency response direction: Since it is attack and defense, you must understand attacks and have some programming language skills. To log in to a system for emergency response, you must understand the operating system, middleware and database. So, in summary, getting started requires operating system + middleware configuration + database + advanced attack and defense.

Of course, as a product engineer, can you really get away without understanding the operating system? Obviously not: most domestic security products are developed on top of open-source Linux. And as a security attack-and-defense engineer, do you not need to understand networking? You don't need to go too deep; you don't need to know what OSPF is, what layer 2 is or what SDN is, but you should understand basic networking, otherwise you can't even make sense of an IP address and will have to go and ask someone.

So here comes the question again: as a newbie, what should I learn first, and what next?

Let's take a look at a picture first (there is too much content; it is densely packed and hard to read when opened. If you need a detailed version, tell me in the comment area).


Does it look like a lot of pressure? Don't be afraid; in fact, once you break it down you will find it is not hard to learn.

Let me show you the web security learning route I made for my team members. It takes about half a year overall, depending on each person's situation:

(Friendly reminder: if you find it helpful, bookmark this answer so you can find it again later.)

1. Concepts related to web security (2 weeks)

  • Be familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, one-line Trojan, etc.).
  • Google/SecWiki the keywords (SQL injection, upload, XSS, CSRF, one-line Trojan, etc.);
  • Read "Mastering Script Hackers"; although it is very old and has errors, it is still fine for getting started;
  • Watch some penetration notes/videos to understand the whole process of an actual penetration; you can Google (penetration notes, penetration process, intrusion process, etc.);

2. Familiar with penetration related tools (3 weeks)

  • Be familiar with the use of AWVS, sqlmap, Burp, Nessus, Chopper, nmap, AppScan and other related tools.
  • To understand what these tools are for and when to use them, first Google/SecWiki the software name;
  • Download backdoor-free versions of these tools and install them;
  • Learn to use them; specific tutorials can be found on SecWiki, for example Burp's tutorial or sqlmap's;
  • Once you have learned these commonly used tools, you can install Sonic Start to make a penetration toolbox;

3. Penetration practice (5 weeks)

  • Master all the stages of penetration and be able to independently penetrate small sites.
  • Look for penetration videos online, watch them and think about the ideas and principles; keywords: penetration, SQL injection videos, file upload intrusion, database backup, dedecms exploits, etc.;
  • Find a site / build a test environment to test by yourself; remember to hide yourself;
  • Think about which stages penetration is divided into and what work needs to be done in each stage;
  • Study the types of SQL injection, the principles of injection and manual injection techniques;
  • Study the principles of file upload, how truncation works, double-suffix spoofing (IIS, PHP), parsing exploits (IIS, Nginx, Apache), etc.;
  • Study the principles and types of XSS; the specific learning method can be Google/SecWiki;
  • Study the methods and specific use of Windows/Linux privilege escalation;

4. Pay attention to the dynamics of the security circle (1 week)

  • Pay attention to the latest vulnerabilities, security incidents and technical articles in the security circle.
  • Browse the day's security technology articles/events through SecWiki;
  • Follow practitioners in the security circle on Weibo/Twitter (when you come across an expert or a friend, follow them without hesitation), and take time to check every day;
  • Subscribe to domestic and foreign security technology blogs through feedly/Xianguo (not limited to domestic; as a rule, pay attention to accumulation). If you don't have a feed reader, you can look at SecWiki's aggregation column;
  • Cultivate the habit of actively submitting links to security technical articles to SecWiki every day, to build up your collection;
  • Pay more attention to the latest vulnerability lists; a few recommendations: exploit-db, the CVE Chinese database, Wooyun, etc., and practice when you encounter public vulnerabilities.
  • Follow the topics or videos of domestic and international security conferences; SecWiki-Conference is recommended.

5. Familiar with Windows/Kali Linux (3 weeks)

  • Learn the basic commands and common tools of Windows/Kali Linux;
  • Be familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
  • Be familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
  • Be familiar with the common tools in Kali Linux; you can refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
  • Get familiar with the Metasploit tool; you can refer to SecWiki and "Metasploit Penetration Testing Guide".

6. Server security configuration (3 weeks)

  • Learn server environment configuration and be able to find security problems in the configuration through reasoning.
  • IIS configuration under Windows 2003/2008, paying special attention to configuration security and run permissions;
  • Security configuration of LAMP on Linux, mainly considering run permissions, cross-directory access, folder permissions, etc.;
  • Remote system hardening: restrict username/password login, and restrict ports through iptables;
  • Configure a software WAF to strengthen system security, for example by configuring mod_security on the server;
  • Use Nessus to perform security checks on the configured environment and find unknown security threats.
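As an added example (not from the original post), here is a small Python check for the "restrict username/password login" item in the hardening step above. It assumes an OpenSSH sshd_config and a hardened baseline of my own choosing, and shows the first-occurrence-wins rule that makes a setting appended at the end of the file silently ineffective:

```python
"""Added example (not from the original post): a baseline check for the
"restrict password login" item above. It parses sshd_config the way sshd
does: keywords are case-insensitive, '#' starts a comment, the FIRST
occurrence of a keyword wins, and lines after the first 'Match' are
conditional and skipped. Sample configs are constructed for the demo."""
import re

# Assumed hardened baseline for an internet-facing server.
EXPECTED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",  # PAM password prompts use this path too
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
}
# OpenSSH defaults applied when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}

def parse_sshd_config(text):
    """Return the effective global settings as a lowercase-keyword dict."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue                                   # blank or malformed line
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break                                      # conditional block: stop
        if key == "challengeresponseauthentication":   # older alias of the option
            key = "kbdinteractiveauthentication"
        effective.setdefault(key, value)               # first occurrence wins
    return effective

def audit(text):
    """List (keyword, effective, expected) for each setting weaker than baseline."""
    eff = parse_sshd_config(text)
    return [(k, eff.get(k, DEFAULTS[k]), want)
            for k, want in EXPECTED.items() if eff.get(k, DEFAULTS[k]) != want]

SAMPLE_CONFIG = """\
Port 22
PasswordAuthentication yes        # left over from the initial install
PermitRootLogin prohibit-password
ChallengeResponseAuthentication yes
# appended later by an admin who expected it to take effect:
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for key, actual, wanted in audit(SAMPLE_CONFIG):
        print(f"weak: {key} is '{actual}', expected '{wanted}'")
```

On the sample config the check reports three weak settings, including PasswordAuthentication, even though the file ends with "PasswordAuthentication no".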

7. Script programming learning (4 weeks)

  • Choose one of the scripting languages Perl/Python/PHP/Go/Java and learn to program with its commonly used libraries.
  • Set up a development environment and choose an IDE. For PHP, WAMP and XAMPP are recommended, and for the IDE Sublime is strongly recommended;
  • Python programming: the content includes syntax, regular expressions, files, networking, multithreading and other common libraries. "Python Core Programming" is recommended, though you don't need to read it cover to cover;
  • Write an exploit for a vulnerability in Python, then write a simple web crawler;
  • Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)" and the video;
  • Be familiar with the MVC architecture, and try to learn a PHP or Python framework (optional);
  • Understand Bootstrap's layout or CSS;

8. Source code audit and vulnerability analysis (3 weeks)

  • Be able to independently analyze script source code and find security problems.
  • Be familiar with the dynamic and static methods of source code audit, and know how to analyze a program;
  • Find vulnerabilities in open-source programs on Wooyun and try to analyze them yourself;
  • Understand the causes of web vulnerabilities, then search for and analyze them by keyword;
  • Study the principles behind web vulnerabilities and how to avoid them at the source-code level, and organize them into a checklist.

9. Security system design and development (5 weeks)

  • Be able to build your own security system and put forward security suggestions or a system architecture.
  • Develop some practical security gadgets and open-source them to show your abilities;
  • Build your own security system and have your own understanding and opinions on company security;
  • Propose or join the architecture or development of large security systems;

Summary:

This roadmap is detailed down to what to learn each week and to what extent. It can be said that the web security roadmap I compiled is very friendly to newcomers. In addition, I have also compiled the corresponding learning materials, some of which I can share if you need them (confidential content cannot be shared); tell me in the comment area if you need them!

1. Each section of the growth route has supporting tutorial notes and source code:

2. Network Security Video Tutorial

Many friends don't like dry text, so I have prepared a video tutorial for you with a total of 21 chapters, each of which is the essence of its section.

3. SRC Documentation & Hacking Technology Books

The SRC documents and hacking technology books that everyone likes and cares about most are also included.

4. Network protection action material

The corresponding material on HW network protection operations has also been prepared, which is like a cheat code for the competition!

Tips

If you want the full high-definition version of the mind map and materials above, reply "safe" to receive them automatically.


Origin blog.csdn.net/2301_77160226/article/details/130105986