Self-taught Hacking/Network Security (Learning Route + Tutorial Video + Toolkit + Experience Sharing)

 1. Why choose Network Security?

In recent years, with the continued rollout of a series of policies, regulations, and standards such as the "National Cyberspace Security Strategy", the "Cyber Security Law", and "Network Security Level Protection 2.0", the status and salaries of the cyber security industry have risen accordingly.

The next 3-5 years will be the golden development period of the security industry. If you enter the industry in advance, you can enjoy the development dividend of the industry.

2. Why is it said that the network security industry is the last dividend of the IT industry?

According to the "Internet Security Report" released by Tencent Security, China currently faces a severe shortage of cybersecurity talent. Colleges and universities train only a little more than 30,000 security majors each year, while the gap in cybersecurity positions has reached 700,000, a shortfall as high as 95%.
 


Moreover, if we go to a recruitment website and search for job titles such as [Network Security], [Web Security Engineer], or [Penetration Testing], we can see that security positions offer good salaries and conditions.


Recommended books

Web security books for beginners

  • "CCNA Study Guide"
  • "TCP/IP Detailed Explanation Volume 1"
  • "LAN Switch Security"
  • "Cisco Firewall"
  • "Network Security Principles and Practice"
  • "Network Security Technology and Solutions"
  • "Huawei Firewall Technology Talk"
  • "Cisco Network Hacker Exposure"
  • "Wireshark Network Analysis Actual Combat"
  • "Wireshark Packet Analysis Actual Combat"
  • "DDoS Attack and Defense Depth Analysis"
  • "Cisco VPN Complete Configuration Guide"
  • "Cisco Security Intrusion Detection System"

Web Security/Penetration Testing Recommended Book List

  • "White Hats Talk about Web Security"
  • "Deep Analysis of Web Security"
  • "Metasploit Penetration Testing Demon Training Camp"
  • "Web front-end security secret"
  • "Web penetration testing using Kali Linux"
  • "Hacking Attack and Defense Technology Collection Web Actual Combat"
  • "BurpSuite Practical Guide"
  • "SQL Injection Attack and Defense"
  • "XSS cross-site scripting attack analysis and defense"
  • "Advanced Guide to Internet Enterprise Security"


01. No age limit

Many positions in the IT industry come with anxiety about turning 35 and worry over whether companies will still be willing to hire you. Network security, by contrast, depends on the ability to solve problems: the more years you have worked and the richer your experience, the more valuable you are.

02. The educational threshold is relatively loose

At present, few graduates come out of cyber security majors. First, very few schools offer a cyber security major. Second, even where the major is offered, few students are trained because of the shortage of teachers. The requirements for age, major, and education are also not so strict, and the job market is relatively tolerant.

03. The overall salary level is high

Compared with other IT industries, the starting salary of network security is higher. The starting salary is usually more than 7k, and the annual salary can reach up to one million. There is also the opportunity to earn a lot of part-time income.

Recommended websites

The blogger's research direction is in the security field, and he may publish more articles in the circle in the future to improve the quality of articles.

1. FreeBuf

The most-followed global Internet security media platform in China, a community where enthusiasts exchange and share security techniques, and a network security industry portal.

2. Kanxue Forum

Kanxue Forum is a place for exchanging software security techniques, providing a platform and resources for security technology enthusiasts.

3. Wuai Crack Forum

Wuai Crack Forum is a non-profit technical forum dedicated to software security and virus analysis.

4. Alibaba Cloud Prophet Community

An open technology platform.

5. Tencent Xuanwu Security Lab

Various CVEs, vulnerabilities.

6. SecWiki

Security wiki, all kinds of security information.


Stage One: Basic preparation (4~6 weeks)

This stage is required learning for everyone preparing to enter the security industry. As the saying goes: if the foundation is not solid, the ground will shake.

Stage Two: Web Penetration

Basic learning time: (1 week to 2 weeks)

① Understand the basic concepts (SQL injection, XSS, upload, CSRF, one-sentence Trojan horse, etc.) to lay the foundation for later web penetration testing.
② Read some web penetration write-ups on forums and learn the thinking behind each case. Every site is different, so the approach is what matters most.
③ Learn the art of asking questions, and ask when there is something you don't understand.

Time to configure the penetration environment: (3 weeks to 4 weeks)

① Understand the tools commonly used for penetration testing, such as AWVS, sqlmap, Nmap, Burp, China Chopper, etc.
② Download the backdoor-free versions of these tools and install them on your computer.
③ Understand the usage scenarios of these tools and know the basic usage. It is recommended to search on Google.

Hands-on penetration practice time: (about 6 weeks)

① Search for real penetration cases on the Internet, and gain an in-depth understanding of how SQL injection, file upload, and parsing vulnerabilities are used in practice.
② Build a vulnerable test environment yourself; recommended: DVWA, SQLi-labs, Upload-labs, bWAPP.
③ Understand the stages of penetration testing and what needs to be done in each stage, for example the Penetration Testing Execution Standard (PTES).
④ Study manual SQL injection in depth, find ways to bypass WAFs, and write your own scripts.
⑤ Study the principles of file upload: truncation, double-extension spoofing (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc. Reference: upload attack framework.
⑥ Understand how XSS arises and its types, practice in DVWA, and test with a CMS that has XSS vulnerabilities, with Safedog or similar installed.
⑦ Understand the one-sentence Trojan horse, and try to write one that gets past Safedog.
⑧ Research privilege escalation under Windows and Linux. Google keyword: privilege escalation.
 

Stage Three: Advanced

How can I advance after I have already started and found a job? I have compiled a detailed learning route and tutorial video notes for you.

Epilogue

The network security industry is like the rivers and lakes, where people of all kinds gather. Compared with the many orthodox schools with solid foundations in European and American countries (they understand encryption, know how to defend, can find vulnerabilities, and are good at engineering), our talents are more unorthodox (many white hats may not be convinced). So in future talent training and development, it is necessary to adjust the structure and encourage more people to do "positive" "system and construction" work that combines "business", "data", and "automation", in order to quench the thirst for talent and truly provide all-round security for society and the Internet.


Origin blog.csdn.net/2301_77162959/article/details/132273847