Network security (hacking technology) self-study plan

1. What is network security?

        Network security can be divided into an attack perspective and a defense perspective. The “red team” and “penetration testing” we often hear about study attack techniques, while the “blue team”, “security operations” and “security operations and maintenance” study defense techniques.

        Every field, whether network, web, mobile, desktop or cloud, has both an attack side and a defense side. For example, web security technology includes both web penetration and web defense technology (WAF). As a qualified network security engineer, you should be capable in both offense and defense. After all, only by knowing yourself and the enemy can you be victorious in every battle.

2. How to plan network security

        If you are a newbie in the security industry, I suggest you start with network security or web security/penetration testing. First, the market demand is high, and second, it is relatively mature and easy to get started.

    It is worth mentioning that when learning network security, you must first study the network and then security; when learning Web security, you must first study the Web and then security.

    Security does not exist independently; it is an upper-layer application technology built on other technologies. Without this foundation, it is easy to end up with armchair theorizing and "knowing what is happening but not knowing why." It is also difficult to go far on a security career path.

        If you originally worked in network engineering operation and maintenance, you can choose to get started in the network security direction;
        if you originally worked in program development, it is recommended to get started in the Web security/penetration testing direction.

Of course, after learning to a certain extent or having certain work experience, the coupling of technologies in different directions will become higher and higher, and you need to know a little bit in each direction.

From the network security skills list above, it is easy to see that network security requires exposure to far more technologies.

Common skills to learn:

 Perimeter foothold (initial access) capability
 Phishing and remote-control capability
 Domain penetration capability
 Traffic analysis capability
 Vulnerability discovery capability
 Code audit capability


3. There is a lot of knowledge about network security. How to arrange it scientifically and reasonably?

1. Basic stage

 Cybersecurity Law of the People's Republic of China (including 18 knowledge points)
 Linux operating system (including 16 knowledge points)
 Computer network (including 12 knowledge points)
 SHELL (including 14 knowledge points)
 HTML/CSS (including 44 knowledge points)
 JavaScript (including 41 knowledge points)
 Introduction to PHP (including 12 knowledge points)
 MySQL database (including 30 knowledge points)
 Python (including 18 knowledge points)


The first step to get started is to systematically learn basic computer knowledge, that is, learn the following basic knowledge modules:

Operating systems, protocols/networks, databases, development languages, and common vulnerability principles.

    After learning the previous basic knowledge, it is time to practice.

    Because the Internet and informatization are so widespread, website systems expose a lot of external-facing business, and the skill of programmers and the configurations made by operation and maintenance personnel vary, so there is a lot of content that needs to be mastered.

2. Penetration stage

 SQL injection penetration and defense (including 36 knowledge points)
 XSS related penetration and defense (including 12 knowledge points)
 Upload verification penetration and defense (including 16 knowledge points)
 File penetration and defense (including 12 knowledge points)
 CSRF Penetration and Defense (including 7 knowledge points)
 SSRF Penetration and Defense (including 6 knowledge points)
 XXE Penetration and Defense (including 5 knowledge points)
 Remote Code Execution Penetration and Defense (including 7 knowledge points)


Master the principles, exploitation, and defenses of common vulnerabilities. In the Web penetration stage, you also need to master some necessary tools.

    The main tools and platforms to master: Burp, AWVS, AppScan, Nessus, sqlmap, nmap, Shodan, FOFA, proxy tools ssrs, hydra, medusa, airspoof, etc. These tools can be practiced on the open-source practice ranges mentioned above, which is enough.

3. Security management (improvement)

 Penetration report writing (including 21 knowledge points)
 Level Protection 2.0 (including 50 knowledge points)
 Emergency response (including 5 knowledge points)
 Code audit (including 8 knowledge points)
 Risk assessment (including 11 knowledge points)
 Security inspection (including 12 knowledge points)
 Data Security (including 25 knowledge points)


Mainly includes penetration report preparation, network security level protection grading, emergency response, code audit, risk assessment, security inspection, data security, compilation of laws and regulations, etc.

This stage is mainly for those who are already engaged in network security related work and need to be promoted to management positions. If you are only studying to take up engineering positions, this stage is optional.

4. Upgrade stage (upgrade)

 Cryptography (including 34 knowledge points)
 Introduction to JavaSE (including 92 knowledge points)
 C Language (including 140 knowledge points)
 C++ Language (including 181 knowledge points)
 Windows Reverse (including 46 knowledge points)
 CTF Capture the Flag Competition (including 36 knowledge points)
 Android reverse engineering (including 40 knowledge points)


Mainly including cryptography, JavaSE, C language, C++, Windows reverse engineering, CTF capture the flag competition, Android reverse engineering, etc.

Mainly aimed at those who are already engaged in network security related work and need to improve their knowledge of advanced security architecture.

4. Network security learning route

If you really want to get started with web security through self-study, I suggest you take a look at the following learning roadmap, which details how long to spend on each knowledge point and how to learn it. The total self-study time is about half a year, and I have personally tested that it works:

1. Web security related concepts (2 weeks)

 Get familiar with basic concepts (SQL injection, upload, XSS, CSRF, one-line web shell Trojans, etc.).
 Search Google/SecWiki by keyword (SQL injection, upload, XSS, CSRF, one-line web shell Trojan, etc.);
 Read "Mastering Script Hackers"; although it is very old and contains errors, it is still usable for getting started;
 Read some penetration notes and watch some videos to understand the entire process of an actual penetration; you can Google (penetration notes, penetration process, intrusion process, etc.);

2. Get familiar with penetration-related tools (3 weeks)

 Get familiar with the use of AWVS, sqlmap, Burp, Nessus, chopper, nmap, AppScan and other related tools.
 To understand the purpose and usage scenarios of this type of tool, first search Google/SecWiki for the software name;
 Download backdoor-free versions of these tools and install them;
 Learn and use them. Specific teaching materials can be searched on SecWiki, for example: Burp tutorials, sqlmap;
 Once you have learned these commonly used tools, you can install Sonic Startup to build a penetration toolbox;

3. Penetration practical operation (5 weeks)

 Master the entire penetration process and be able to penetrate small sites independently.
 Find penetration videos online and think through the ideas and principles; keywords (penetration, SQL injection videos, file upload intrusion, database backup, dedecms vulnerability exploitation, etc.);
 Find your own site or build a test environment for testing, and remember to hide yourself;
 Think about the main stages of penetration and what work needs to be done at each stage, for example: the PTES penetration testing execution standard;
 Study the types of SQL injection, injection principles, and manual injection techniques;
 Study the principles of file upload, how to carry out truncation, double-suffix spoofing (IIS, PHP), parsing vulnerability exploitation (IIS, Nginx, Apache), etc.; refer to: Upload attack framework;
 Study the principles of how XSS forms and its types; specific learning methods can be found on Google/SecWiki; you can refer to: XSS;
 Study the methods and specific uses of Windows/Linux privilege escalation; you can refer to: Privilege Escalation;
 You can refer to: Open Source Penetration Testing Vulnerable Systems;

4. Pay attention to developments in the security community (1 week)

 Pay attention to the latest vulnerabilities, security incidents and technical articles in the security community.
 Browse daily security technology articles/events through SecWiki;
 Follow practitioners in the security community on Weibo/Twitter (when you come across accounts that experts follow, or their friends, follow them decisively), and take time to read every day;
 Subscribe to domestic and foreign security technology blogs through feedly/Xianguo (don't limit yourself to domestic ones, and pay attention to accumulating over time); if you don't have feeds, you can check out the aggregation column of SecWiki;
 Develop the habit of actively submitting links to security technology articles to SecWiki every day for accumulation;
 Pay more attention to the latest vulnerability lists; a few recommendations: exploit-db, CVE Chinese library, Wooyun, etc. If you encounter public vulnerabilities, practice them.
 If you are interested in topics or videos of domestic and international security conferences, SecWiki-Conference is recommended.

5. Get familiar with Windows/Kali Linux (3 weeks)

 Learn basic Windows/Kali Linux commands and common tools;
 Be familiar with common cmd commands under Windows, such as: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
 Be familiar with common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
 Be familiar with common tools under the Kali Linux system; you can refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
 Be familiar with the Metasploit tools; you can refer to SecWiki, "Metasploit Penetration Testing Guide".

6. Server security configuration (3 weeks)

 Learn server environment configuration and be able to discover security issues in the configuration by reasoning about it.
 IIS configuration in Windows 2003/2008 environments: pay special attention to security configuration and running permissions; you can refer to: SecWiki-Configuration;
 LAMP security configuration in Linux environments: mainly consider running permissions, cross-directory access, folder permissions, etc.; you can refer to: SecWiki-Configuration;
 Remote system hardening: restrict user name and password login, and restrict ports through iptables;
 Configure a software WAF to strengthen system security, configuring mod_security and similar systems on the server; see SecWiki-ModSecurity;
 Run a security inspection of the configured environment with Nessus to discover unknown security threats.

7. Script programming learning (4 weeks)

 Choose one of the scripting languages Perl/Python/PHP/Go/Java and learn to program with its common libraries.
 Set up a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments. Sublime is highly recommended as an IDE. Some Sublime tips: SecWiki-Sublime;
 Learn Python programming. The learning content includes: syntax, regular expressions, files, networking, multi-threading and other common libraries. "Python Core Programming" is recommended; don't read it all;
 Use Python to write exploits for vulnerabilities, and then write a simple web crawler; see SecWiki-crawler, video;
 Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Programming (4th Edition)", video;
 Be familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional);
 Learn Bootstrap layout or CSS; you can refer to: SecWiki-Bootstrap;

8. Source code audit and vulnerability analysis (3 weeks)

 Be able to independently analyze script source code and discover security issues.
 Be familiar with the dynamic and static methods of source code auditing, and know how to analyze programs; see SecWiki-Audit;
 Find vulnerabilities in open-source programs from Wooyun and try to analyze them yourself;
 Understand the causes of web vulnerabilities, then search for them by keyword and analyze them; see SecWiki-Code Audit, Advanced PHP Application Vulnerability Audit Technology;
 Study the formation principles of Web vulnerabilities and how to avoid such vulnerabilities at the source code level, and compile them into a checklist.

9. Security system design and development (5 weeks)

 Be able to establish your own security system and put forward security suggestions or system architectures.
 Develop some practical security gadgets and open source them to demonstrate your personal ability;
 Establish your own security system and have your own understanding of and insights into company security;
 Propose or join the architecture or development of large-scale security systems;
 From here on, it depends on your own development.

Finally

   After sorting out your knowledge framework and knowing how to study, the next step is to fill the framework with content.

    At this point we have many choices, such as CSDN, Zhihu, and Bilibili. Many people share their own learning materials there, but I think a big problem is that they are incoherent and incomplete. Some of the tutorials shared for free are piecemeal, with one part not following from another, and you will get confused while learning. This is my personal experience after self-study.


    My advice to my friends is to think clearly. There is no shortcut to self-studying network security. In comparison, systematic study of network security is the most cost-effective way, because it can save you a lot of time and energy. Hold on: now that you are on this road, even though the future may seem difficult, as long as you grit your teeth and persevere, you will eventually get the results you want.


Recommended book list

Computer operating system:

【1】Coding: the language hidden behind computer software and hardware

【2】In-depth understanding of the operating system

【3】In-depth understanding of Windows operating system

【4】Linux kernel and implementation

Programming development category:

【1】Windows programming

【2】Windows core programming

【3】Linux Programming

【4】Advanced Programming in the UNIX Environment

【5】iOS programming

【6】The first line of code Android

【7】C programming language design

【8】C primer plus

【9】C and pointers

【10】C Expert Programming

【11】C Traps and Pitfalls

【12】Assembly language (Wang Shuang)

【13】Java core technology

【14】Java programming ideas

【15】Python core programming

【16】Linux shell script strategy

【17】Introduction to Algorithms

【18】Compilation principle

【19】Practical combat of compilation and decompilation technology

【20】How to clean your code

【21】Code encyclopedia

【22】Detailed explanation of TCP/IP

【23】Rootkit: Lurkers in the gray area of the system

【24】Hacker attack and defense technology guide

【25】Encryption and decryption

【26】C++ disassembly and reverse analysis technology revealed

【27】Web security testing

【28】White hat talks about web security

【29】Proficient in script hacking

【30】Web front-end hacking technology revealed

【31】Applications for programmers

【32】English Writing Handbook: Elements of Style

Special statement:

        This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security.


Origin blog.csdn.net/dexi113/article/details/132904672