If you are self-study, the direction of study is very important!
I have browsed through all the answers on Zhihu about self-study network security and zero-based entry network security. The biggest feeling is that it is "too complicated". After reading this, novices will only become more confused and still don't know how to do it, so I stopped here When writing answers from a novice's perspective, the answers should be simple and easy to understand, and tell them step by step what to do in a "fool-like" way.
The most direct way is to give them a very complete set of systematic video courses and tell them directly that you only need to learn and understand the content of this set of tutorials section by section and complete all the assignments and cases in the video tutorials. , complete all the items in the video tutorial, and you can find a job in a network security position. This is the simplest and clearest way.
1. Security basics (Linux+MySQL+Python)
The network security industry still has certain requirements for programming development. To give a simple example, if you want to penetrate a website, you must first know how to develop a website. You don’t even know the most basic SQL statements. Write, so why talk about doing sql injection?
Therefore, if you don’t have a certain understanding of various network communication protocols, cryptography, front-end and back-end, databases, servers, shell scripts, etc., how can you become an excellent hacker?
If you want to control a person, you must first understand him, then you can know his weaknesses, and finally you can use your methods.
But no matter which process, it takes a long time and energy to study and study.
The above part is the essential foundation for learning network security. This part of the content is not very difficult, nor does it have any logical difficulty. As long as you practice more and read more, this part of the content will become perfect with practice.
2. Introduction to security (hacking tools + vulnerability mining)
With the previous computer network and programming foundation, you can officially get started with network security at this stage.
Several typical attack methods in the field of network security: SQL injection, XSS, CSRF, SSRF, file upload vulnerabilities, etc. Each of them needs to be studied in detail, while learning the theory and practicing it.
By the way, here’s a friendly reminder:
Be careful not to use websites on the Internet to attack your studies!
Be careful not to use websites on the Internet to attack your studies!
Be careful not to use websites on the Internet to attack your studies!
This is illegal behavior. Say important things three times .
In the process of learning, you can build some websites containing vulnerabilities in the virtual machine, and practice with the websites you built. I will explain the specific actual shooting range to you later.
In addition to these attack methods, at this time we also need to have some simple understanding of commonly used penetration tools. This is also a section that most students are very interested in, because if you learn how to use these tools, you can be promoted to a script kiddie.
Including the use of AWVS, sqlmap, Burp, nessus, chopper, nmap, Appscan and other related tools.
Understand the purpose and usage scenarios of this type of tool, first use the software name Google/Baidu, and then download the backdoor-free version of these software to install;
Set a goal: Find a job in a $15K network security position
If you just want to be a script kiddie or learn to play casually, look no further. The following content is written for those who want to work in network security. It will take at least 3 months of study to complete.
I said at the top that for novices, the most friendly way is to give them the most complete set of video tutorials to learn from scratch, and then tell them: you only need to learn all the contents of this tutorial and learn all the If your assignments, cases, and projects are all written in code, you can find a job in network security. This is the simplest and crudest way for novices. If we write too professionally, they will only become more confused as they read. For novices, the simpler, the better. Fool-style learning is the most effective.
3. Security advancement (intranet penetration + DDos attack and defense + social engineering)
We have learned some web security attack methods before, but these alone are not enough. When we have traffic to attack the target, how to find the attack point and obtain the target information is crucial.
This information includes: what operating system the target is running, which ports are open, which services are running, what type of back-end service is, what version information is, etc., and what vulnerabilities can be exploited. Only by obtaining this information can we target Sexually formulated attack methods.
In addition, the external network environment and the internal network environment are different. Don't penetrate from the outside. You will be dumbfounded after entering inside. Therefore, the skills of collecting internal information are also a top priority, such as penetration testing architecture and windows passwords. Voucher collection and more.
In the true sense of network penetration, I think it should not only use some ready-made tools to dig out some ancient loopholes, but also have strong self-study, analysis, and problem-solving abilities, and then use eighteen martial arts to break through a certain network. site. There are many scripts and tools written by oneself, and new attack injection methods are discovered by oneself.
4. Core capabilities (security management + reverse anti-virus + code audit)
In the later stages of security attack and defense, if you want to become a security expert, you must not just stick to your own areas of expertise. You need to learn more about other areas of network security and expand your knowledge.
For example, level protection, emergency response, risk assessment, reverse anti-virus, code audit, binary vulnerability attack, Trojan horse technology, kernel security, mobile security, side channel attacks, etc. Of course, when learning, you don’t need to be as in-depth as students in professional fields. , but you need to dabble in it, enrich your knowledge, and build a comprehensive network security knowledge and skills stack.
5. Summary
There is a lot of content to learn about network security. I once wrote an article about network security technical knowledge points. People who commented below said that there was too much content and it was impossible to finish it. Later, I learned a lesson: it must be simple and crude for novices, and not too complicated. The more complicated it is, the more confused the novices will be. Therefore, the content I wrote this time is concise, and it is enough to learn these contents for the initial entry into the industry.
Finally
In order to help everyone learn network security better, the editor has prepared an introductory/advanced learning material for network security for everyone. The content in it is all notes and materials suitable for beginners with zero basic knowledge. It can be understood even if you don’t know programming. Understand, all the information is 282G in total. If friends need a complete set of network security introduction + advanced learning resource package, you can click to receive it for free (if you encounter problems with scanning the QR code, you can leave a message in the comment area to receive it)~
CSDN gift package: "Network Security Introduction & Advanced Learning Resource Package" free sharing
Network security source code collection + tool kit
Network
security interview questions
Finally, there is the network security interview questions section that everyone is most concerned about.
All the information is 282G in total. If friends need a full set of network security introductory + advanced learning resource packages, you can click to get it for free ( If you encounter problems with scanning the code, you can leave a message in the comment area to get it)~
Video supporting materials & domestic and foreign network security books and documents
