Self-study (hacking) network security - efficient learning method

Preface

       I studied Java in college, which was a back-end development position. The school taught front-end for a year, but Java was not taught much. The behavior of talking about learning this and teaching that made me disgusted. Many students were extremely disappointed with the college and felt that they could not see the future.

       However, many students began to study on their own, unlike me who spent two years in my freshman and sophomore years. It wasn’t until the second half of my junior year that I suddenly realized that I was about to face an internship as a senior, but I didn’t have a good resume. In addition, in recent years the front-end and back-end environment has not been good. Even if I tried hard to start learning now, judging from the current market situation, the situation is still very serious. So I decisively chose to change careers and found a teacher to learn about network security.

       I was quite confused at the time, so I explained the situation to my family, who encouraged me and supported me. After all, every programmer has a hacker dream in their heart, so I started to study network security by myself, which took me nearly half a year. I had too many problems during the process. I didn’t know how to solve problems when I was studying. The learning atmosphere was poor and it was difficult to persist in studying. The free materials were old, outdated, and neither systematic nor coherent. Therefore, in order to improve, I also made up my mind and spent more than 8,000 yuan to enroll in a practical cyber security class.

       My current internship salary is 7,000 per month. Although it is not very high, compared with the salary of 3,500 for self-study Java internship students, I am very satisfied.

1. Misunderstandings and traps in self-study network security learning

1. Don’t try to become a programmer first (programming-based learning) and then start learning

       In my previous answers, I have repeatedly emphasized that you should not start learning network security based on programming. Generally speaking, learning programming has a long learning cycle, and little of what you learn is key knowledge that can be used after the actual transition to security.

       If the average person wants to learn programming well before starting to learn network security, it often takes a long time, and it is easy to give up halfway. Moreover, programming is just a tool, not the purpose. Our goal is not to become programmers. It is recommended that, in the process of learning network security, you fill in what you don’t know as you go, so that your learning is more purposeful and less time-consuming.

2. Don’t take deep learning as the first lesson

       Many people are eager to learn network security well and solidly, so it is easy to push too hard and fall into a misunderstanding: deep learning is required for all content. But taking deep learning as the first lesson of network security is not a good idea. Here’s why:

  • [1] The black box nature of deep learning is more obvious, and it is easy to learn in one go.
  • [2] Deep learning has high requirements on oneself, is not suitable for self-study, and can easily lead to a dead end.

3. Don’t collect too much information

       There are a lot of learning materials about network security on the Internet, and there are several gigabytes of materials that can be downloaded or viewed. Many friends also have a "collecting habit", buying more than a dozen books at once or collecting dozens of videos.

       Many online learning materials are extremely repetitive, and most of the content has not been updated for several years. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for beginners. Please read them patiently.

2. Some preliminary preparations for learning network security

1.Hardware selection

       I am often asked, "Does learning network security require a computer with high configuration?" The answer is no. Computers used by hackers do not need a high configuration, as long as they are stable, because some programs used by hackers run very well on low-end CPUs and do not take up much memory. Another thing is that hacking is done under DOS commands, so the computer can be used at its best! So, don't buy a new machine in the name of learning...

2.Software selection

      Many people are confused about whether to use Linux, Windows or Mac to learn hacking. Although Linux looks very cool, it is not friendly to newcomers. Windows systems can also use virtual machines to install target machines for learning.

       As for the programming language, Python is the first choice because of its good expansion support. Of course, many websites on the market are developed with PHP, so it is okay to choose PHP. Other languages include C++, Java...

       Many friends will ask whether it is necessary to learn all languages. The answer is no! To repeat what I said above: programming is just a tool, not the purpose. Our goal is not to become programmers.

(An additional thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road to network security, so it is recommended that you learn some basic programming knowledge by yourself)

3.Language ability

      We know that computers were first invented in the West. Many terms and much code are in English, and even some existing tutorials were originally translated from English originals. It usually takes a week from a vulnerability being discovered to it being translated into Chinese. Within this time difference, the vulnerability may already have been patched. And if you don’t understand some professional terms, you will face obstacles when communicating with other hackers about technology or experience, so you need a certain amount of English and hacker terminology (you don’t need to be particularly proficient, but you need to be able to understand the basics).

For example: Broiler, Trojan, shell, WebShell, etc.

3. Network security learning route

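1. Basic stage

  • Cybersecurity Law of the People's Republic of China (18 knowledge points)
  • Linux operating system (16 knowledge points)
  • Computer networks (12 knowledge points)
  • SHELL (14 knowledge points)
  • HTML/CSS (44 knowledge points)
  • JavaScript (41 knowledge points)
  • MySQL database (30 knowledge points)
  • Python (18 knowledge points)

2. Penetration stage

  • SQL injection: penetration and defense (36 knowledge points)
  • XSS: penetration and defense (12 knowledge points)
  • Upload validation: penetration and defense (16 knowledge points)
  • File inclusion: penetration and defense (12 knowledge points)
  • CSRF: penetration and defense (7 knowledge points)
  • SSRF: penetration and defense (6 knowledge points)
  • XXE: penetration and defense (5 knowledge points)
  • Remote code execution: penetration and defense (7 knowledge points)

3. Security management (improvement)

  • Penetration test report writing (21 knowledge points)
  • Classified Protection 2.0 (50 knowledge points)
  • Incident response (5 knowledge points)
  • Code auditing (8 knowledge points)
  • Risk assessment (11 knowledge points)
  • Security inspection (12 knowledge points)
  • Data security (25 knowledge points)

4. Upgrade stage (upgrade)

  • Cryptography (34 knowledge points)
  • Introduction to Java SE (92 knowledge points)
  • C language (140 knowledge points)
  • C++ language (181 knowledge points)
  • Windows reverse engineering (46 knowledge points)
  • CTF (capture the flag) competitions (36 knowledge points)
  • Android reverse engineering (40 knowledge points)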

Note: The first three stages are the focus of learning

4. Recommended learning materials

       The learning framework has been sorted out. Now we just need information resources. I have compiled the information resource documents corresponding to all knowledge points here. If you don’t want to look for them one by one, you can refer to these materials!

Special statement:

        This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security.

Origin blog.csdn.net/rjychg/article/details/134141612