How to become a master in network security from a novice?

I. Introduction:

1. Learning any technology from zero follows the same principle: theory + practice.

For example, suppose you want to learn basketball from zero and have watched a lot of teaching videos. These videos teach you how to dribble, how to shoot, how to break through, how to defend, and so on, but can you learn to play basketball just by watching instructional videos?

No! If you want to learn how to play basketball, you still need to practice on the court.

Therefore, beginners should remember this before they start: the most important thing in learning network security is hands-on practice. If you study 4 hours a day, spend at least 2 of them practicing.

Many beginners think they understand the material after reading a tutorial, but when they actually work on a project, they do not know where to start. The root cause is too little hands-on work and not enough practice. Only by practicing more can you understand how to apply what you have learned.

2. When teaching yourself from zero, choosing a good learning route is very important!

In pursuit of speed, many video tutorials on the Internet start directly from the tools and ignore the importance of the basics. The truth is that before learning network security, you must first learn the basics.


II. Basic stage

1. Basic computer knowledge

Network Security Law of the People's Republic of China (including 18 knowledge points)
Linux operating system (including 16 knowledge points)
Computer network (including 12 knowledge points)
SHELL (including 14 knowledge points)
HTML/CSS (including 44 knowledge points)
JavaScript (contains 41 knowledge points)
Introduction to PHP (contains 12 knowledge points)
MySQL database (contains 30 knowledge points)
Python (contains 18 knowledge points)

The first step to getting started is to systematically learn basic computer knowledge, that is, the following basic modules: operating system, protocol/network, database, development language, and the principles of common vulnerabilities.

Once the basics above are learned, it is time to practice.

With the spread of the Internet and informatization, websites expose more business to the outside, while the skill of programmers and the configuration work of operations and maintenance staff are uneven, so there is a lot of content to master.

2. Penetration stage

SQL injection penetration and defense (including 36 knowledge points)
XSS penetration and defense (including 12 knowledge points)
Upload verification penetration and defense (including 16 knowledge points)
File inclusion penetration and defense (including 12 knowledge points)
CSRF penetration and defense (including 7 knowledge points)
SSRF penetration and defense (including 6 knowledge points)
XXE penetration and defense (including 5 knowledge points)
Remote code execution penetration and defense (including 7 knowledge points)

Master the principles, usage and defense of common vulnerabilities. In the web penetration stage, you still need to master some necessary tools.

The main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof, etc. These tools can be practiced on the open-source practice ranges mentioned above, which is enough.

3. Security management (upgrade)

Penetration report writing (including 21 knowledge points)
Level protection 2.0 (including 50 knowledge points)
Emergency response (including 5 knowledge points)
Code audit (including 8 knowledge points)
Risk assessment (including 11 knowledge points)
Security inspection (including 12 knowledge points)
Data security (including 25 knowledge points)

It mainly includes the preparation of penetration reports, grading of network security level protection, emergency response, code audit, risk assessment, security inspection, data security, compilation of laws and regulations, etc.

This stage is mainly for those who already work in network security and need to move up to management positions. If you are only studying for engineering positions, this stage is optional.

4. Advancement stage (upgrade)

Cryptography (including 34 knowledge points)
Introduction to JavaSE (including 92 knowledge points)
C language (including 140 knowledge points)
C++ language (including 181 knowledge points)
Windows reverse engineering (including 46 knowledge points)
CTF Capture the Flag (including 36 knowledge points)
Android reverse engineering (including 40 knowledge points)

This stage mainly includes cryptography, JavaSE, C language, C++, Windows reverse engineering, CTF Capture the Flag, Android reverse engineering, etc.

It is mainly for those already working in network security who need further knowledge to move up to advanced security architecture.

So it is very important for beginners to find a good video tutorial. Without a good video tutorial, it is very difficult to learn network security well. If you follow low-quality video tutorials, you will not be able to find a job after studying and will only have wasted your time.

If you can't find a good tutorial, I've compiled one for you that goes with this learning route (it can be shared).

Follow this learning route, master these knowledge points to the level of vulnerability mining, and you can find a 10-15 job without any problem.


III. Book list recommendation

Computer operating system:

【1】Coding: the language hidden behind the computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of Windows operating system
【4】Linux kernel and implementation

Programming development class:

【1】Windows programming
【2】Windows core programming
【3】Linux programming
【4】Unix environment advanced programming
【5】iOS programming
【6】The first line of code Android
【7】C programming language design
【8】C primer plus
【9】C and pointers
【10】C expert programming
【11】C traps and defects
【12】Assembly language (Wang Shuang)
【13】Java core technology
【14】Java programming ideas
【15】Python core programming
【16】Linux shell script strategy
【17】Introduction to Algorithms
【18】Compilation principle
【19】Compilation and decompilation technology practice
【20】The way to clean code
【21】Code Encyclopedia
【22】TCP/IP Detailed Explanation
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacking Attack and Defense Technology Collection
【25】Encryption and decryption
【26】C++ Disassembly and Reverse Analysis Technique Revealed
【27】Web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology secret
【31】Programmer's Application
【32】English Writing Handbook: Elements of Style

Epilogue

The network security industry is like a jianghu (the "rivers and lakes" of martial arts stories), where all kinds of people gather. Compared with the many orthodox practitioners in European and American countries who have solid foundations (they understand encryption, know how to protect, can dig for vulnerabilities, and are good at engineering), our talent is more unorthodox (many white hats may not be convinced). So in future talent training and development, it is necessary to adjust the structure and encourage more people to do "constructive" "system and construction" work that combines "business", "data" and "automation", in order to quench the thirst for talent and truly provide security as society moves fully onto the Internet.


Origin blog.csdn.net/dexi1113/article/details/132670367