前言:
想自学网络安全(黑客技术)首先你得了解什么是网络安全!什么是黑客
网络安全可以基于攻击和防御视角来分类,我们经常听到的 “红队”、“渗透测试” 等就是研究攻击技术,而“蓝队”、“安全运营”、“安全运维”则研究防御技术。
无论网络、Web、移动、桌面、云等哪个领域,
都有攻与防两面性,例如 Web 安全技术,既有 Web 渗透,
也有 Web 防御技术(WAF)。作为一个合格的网络安全工程师,
应该做到攻守兼备,毕竟知己知彼,才能百战百胜。
一、自学网络安全学习的误区和陷阱
1.不要试图先成为一名程序员(以编程为基础的学习)再开始学习
行为:从编程开始掌握,前端后端、通信协议、什么都学。缺点:花费时间太长、实际向安全过渡后可用到的关键知识并不多。
很多安全函数知识甚至名词都不了解 unserialize outfile
2.不要把深度学习作为入门第一课
很多人都是冲着要把网络安全学好学扎实来的,于是就很容易用力过猛,陷入一个误区:就是把所有的内容都要进行深度学习,但是把深度学习作为网络安全第一课不是个好主意。原因如下:【1】深度学习的黑箱性更加明显,很容易学的囫囵吞枣
【2】深度学习对自身要求高,不适合自学,很容易走进死胡同
3.以黑客技能、兴趣为方向的自学误区:
行为:疯狂搜索安全教程、加入各种小圈子,逢资源就下,逢视频就看,只要是黑客相关的。缺点: 就算在考虑资源质量后的情况下,能学习到的知识点也非常分散,重复性极强。
代码看不懂、讲解听不明白,一知半解的情况时而发生。
在花费大量时间明白后,才发现这个视频讲的内容其实和自己看的其他知识点是一样的。
4.不要收集过多的资料
There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or viewed. And many friends have a "collecting habit", buying more than a dozen books at once, or collecting dozens of videos.
Many online learning materials are extremely repetitive and most of the content has not been updated a few years ago. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for beginners. Please read them patiently.
If you want to communicate together, you can click on the card below to
share the network security gift package: "Hacking & Network Security Introduction & Advanced Learning Resource Package" for free http://mp.weixin.qq.com/s?__biz=Mzg4MzkyNTA4Ng==&mid=2247483726&idx =1&sn=a0ba36a3ed6d4efc627d443eafcd5679&chksm=cf41487ff836c169c89dfbda7d3c70328b2d1f36724ea0f359f2b7336eeb789956509423864c#rd%E2%80%8B
From my learning experience, I think there are two factors that determine the success of self-study.
The first point is its own problem. Although there are many people who want to change careers to learn network security, there are only a small number of people who strongly want to change careers and learn well. Most people just try to learn network security, which is completely impossible. Therefore, the most critical point in whether you can learn cyber security and get a job is whether your desire is strong. I am a very strong type, because I can't stand the current working atmosphere, and I am envious of my friends who can get a monthly salary of 20,000 yuan in Beijing. These factors prompted me to study very hard. In addition, I can start watching videos and learn by myself from the time I get off work until 12 o'clock in the evening, so I can reach the level of employment within 6 months.The second point is that there is a big boss to guide you. If you have to explore the whole process by yourself, it will be very difficult. For a person who is not a professional, you will have "no idea where to start" from the beginning. Not to mention that it is difficult to solve the countless problems encountered in the learning process, because we will encounter countless problems in the learning process. Sometimes a small problem can bother us for several hours and cause our learning to fail. The efficiency is very low. If this happens too often, your confidence will be hit, you will feel that you are not suitable for learning network security, and you will eventually give up. And when a big boss gives you the answer, you will get the answer quickly, and you can understand why you are doing this and where the problem is, and your learning efficiency will be very high.
So the summary is to learn consciously and proactively on your own, plus a boss to guide you throughout the process. In fact, learning is such a simple thing. It is nothing more than these two key elements. Without one of them, it will be difficult to succeed.
Issues you must pay attention to when self-studying network security:
(1) Lay a good foundation
Beginners must pay attention to laying a good foundation. The reason why I was able to get a salary of 12K after only studying for 6 months is because I have a solid foundation. In fact, it is difficult for a beginner to develop a good foundation at the beginning. This is because I have a senior person to guide me throughout the learning process.
(2) Communication
Remember not to think that you can successfully self-study and reach a certain level without the guidance of many professionals. Therefore, it is especially important to get to know more big people. The circle can really determine what level we can achieve. If you can't find a suitable circle, I strongly recommend that you join the following network security technology discussion group. Getting to know more big guys will be beneficial to your career.
(3) Efficient learning
Go as fast as you can. If you have decided to change your career to learn Internet security, don’t procrastinate and put most of your energy into it. If you are the kind of person who spends three days fishing and two days drying the net, I advise you to do it as soon as possible. Don't waste time giving up. Wouldn't it be nice to take this time to exercise?
(4) Learning mentality
You must come to study with a determination to change careers. The strength of your own will determines whether you can successfully change careers.
Learning suggestions for beginners who are self-taught on network security:
1. Understand today's market, what major technologies you need to master to get a job quickly, and what talents current companies need. This is the direction and goal of your study.2. Systematic learning plan: There is an overall learning outline. You must know what you will learn every day, what exercises you will do to consolidate your knowledge, and what practical projects you should complete after completing a stage of study. Learn step by step. Do not learn blindly.
3. Guidance from a big boss: As a beginner, you must remember to find a big boss to guide you. It doesn’t matter even if you spend some money, as long as you can learn the technology well. Exploring on your own is basically a detour. Why do many people give up after learning for a month or two? It's because they don't know where the road is and they are confused, so they naturally give up easily. But if you have a big boss to guide you, he will make a detailed study plan for you, arrange everything for you, and answer your questions during the entire learning process. You will have clear ideas, simple and efficient learning.
If you need the following information, you can click on the plug-in below to obtain it.
Main learning content of network security:
1. Basic stage
Cybersecurity Law of the People's Republic of China (including 18 knowledge points)
Linux operating system (including 16 knowledge points)
Computer network (including 12 knowledge points)
SHELL (including 14 knowledge points)
HTML/CSS (including 44 knowledge points)
JavaScript (including 41 knowledge points)
Introduction to PHP (including 12 knowledge points)
MySQL database (including 30 knowledge points)
Python (including 18 knowledge points)
The first step to get started is to systematically learn basic computer knowledge, that is, learn the following basic knowledge modules: operating system, protocol/network, database, development language, and common vulnerability principles.
After learning the previous basic knowledge, it is time to practice.
Because of the popularity of the Internet and informatization, website systems have a lot of external business, and the level of programmers and the configuration of operation and maintenance personnel vary, so there is a lot of content that needs to be mastered.
2. Penetration stage
SQL injection penetration and defense (including 36 knowledge points)
XSS related penetration and defense (including 12 knowledge points)
Upload verification penetration and defense (including 16 knowledge points)
File penetration and defense (including 12 knowledge points)
CSRF Penetration and Defense (including 7 knowledge points)
SSRF Penetration and Defense (including 6 knowledge points)
XXE Penetration and Defense (including 5 knowledge points)
Remote Code Execution Penetration and Defense (including 7 knowledge points)
Master the principles, uses, and defenses of common vulnerabilities. In the Web penetration stage, you still need to master some necessary tools.
The main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof, etc. The above tools can be practiced using the open source shooting range above, which is enough Already;
3. Safety management (improvement)
Penetration report writing (including 21 knowledge points)
Level Protection 2.0 (including 50 knowledge points)
Emergency response (including 5 knowledge points)
Code audit (including 8 knowledge points)
Risk assessment (including 11 knowledge points)
Security inspection (Contains 12 knowledge points)
Data Security (Contains 25 knowledge points)
Mainly includes penetration report preparation, network security level protection grading, emergency response, code audit, risk assessment, security inspection, data security, compilation of laws and regulations, etc.
This stage is mainly for those who are already engaged in network security related work and need to be promoted to management positions.
If you are only studying to take up engineering positions, you may or may not study at this stage.
4. Upgrade stage (upgrade)
Cryptography (including 34 knowledge points)
Introduction to JavaSE (including 92 knowledge points)
C Language (including 140 knowledge points)
C++ Language (including 181 knowledge points)
Windows Reverse (including 46 knowledge points)
CTF Capture the Flag Competition ( Contains 36 knowledge points)
Android reverse engineering (contains 40 knowledge points)
Mainly including cryptography, JavaSE, C language, C++, Windows reverse engineering, CTF capture the flag competition, Android reverse engineering, etc.
Mainly aimed at those who are already engaged in network security related work and need to improve their knowledge of advanced security architecture.
If you really want to get started with web security through self-study, I suggest you take a look at the following learning roadmap, which details how long to learn each knowledge point and how to learn it. The total self-study time is about half a year, and it is effective in personal testing (there is a surprise at the end of the article) ):
Network security learning materials and tutorials, follow to be automatically sent
If you really want to learn by yourself, I can share with you these tutorials that I have compiled and collected. They include not only web security, but also penetration testing and other content, including e-books, interview questions, pdf documents, videos and related courseware. Notes, I have already learned them all, please like, collect and leave a message in the comment area "Already followed "! You can share it with everyone for free! Friends who can't wait can also kick me directly from the platform! Or follow me and the background will automatically send it to everyone! After following, please pay attention to the background news !
Hacking tools & SRC technical documents & PDF books & web security, etc. (can be shared)
Recommended book list:
Computer operating system:
【1】Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of Windows operating system
【4】Linux kernel and implementation
Programming development category:
【1】 windows programming
【2】windwos core becomes
【3】Linux Programming
【4】Advanced transformation of unix environment
【5】IOS becomes
【6】The first line of code Android
【7】C programming language design
【8】C primer plus
【9】C and pointers
【10】C Expert Programming
【11】C Traps and Defects
【12】Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
【16】Linuxshell script strategy
【17】Introduction to Algorithms
【18】Compilation principle
【19】Practical combat of compilation and decompilation technology
【20】How to clean your code
【21】Code encyclopedia
【22】Detailed explanation of TCP/IP
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacker attack and defense technology guide
【25】Encryption and decryption
【26】C++ disassembly and reverse analysis technology revealed
【27】Web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology revealed
【31】Applications for programmers
【32】English Writing Handbook: Elements of Style
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security.