There is a lot of knowledge about network security. How to arrange it scientifically and reasonably?
1. Basic stage
- Cybersecurity Law of the People's Republic of China (includes 18 knowledge points)
- Linux operating system (including 16 knowledge points)
- Computer Network (includes 12 knowledge points)
- SHELL (contains 14 knowledge points)
- HTML/CSS (including 44 knowledge points)
- JavaScript (including 41 knowledge points)
- Introduction to PHP (including 12 knowledge points)
- MySQL database (including 30 knowledge points)
- Python (including 18 knowledge points)
The first step to get started is to systematically learn basic computer knowledge, that is, learn the following basic knowledge modules:Operating system, protocol/network, database, development language , Common vulnerability principles.
After learning the previous basic knowledge, it is time to practice.
Because of the popularity of the Internet and informatization, website systems have a lot of external business, and the level of programmers and the configuration of operation and maintenance personnel vary, so there is more content that needs to be mastered.
2. Penetration stage
- SQL injection penetration and defense (including 36 knowledge points)
- XSS related penetration and defense (including 12 knowledge points)
- Upload verification penetration and defense (including 16 knowledge points)
- The document contains penetration and defense (including 12 knowledge points)
- CSRF penetration and defense (including 7 knowledge points)
- SSRF penetration and defense (including 6 knowledge points)
- XXE penetration and defense (including 5 knowledge points)
- Remote code execution penetration and defense (including 7 knowledge points)
Master the principles, uses, defenses and other knowledge of common vulnerabilities. In the Web penetration stage, you still need to master some necessary tools.
Main tools and platforms to master:burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof etc. You can use the above open source shooting range to practice the above tools, which is enough;
3. Safety management (improvement)
- Penetration report writing (including 21 knowledge points)
- Level Protection 2.0 (includes 50 knowledge points)
- Emergency response (including 5 knowledge points)
- Code audit (including 8 knowledge points)
- Risk assessment (including 11 knowledge points)
- Safety inspection (including 12 knowledge points)
- Data security (including 25 knowledge points)
Mainly includespenetration report preparation, network security level protection classification, emergency response, code audit, risk assessment, security inspection, data security, and compilation of laws and regulationsetc.
- This stage is mainly for those who are already engaged in network security related work and need to be promoted to management positions.
- If you are only studying to take up engineering positions, you may or may not study at this stage.
4. Upgrade stage (upgrade)
- Cryptozoology (including 34 knowledge points)
- Introduction to JavaSE (including 92 knowledge points)
- C language (including 140 knowledge points)
- C++ language (including 181 knowledge points)
- Windows reverse engineering (including 46 knowledge points)
- CTF Capture the Flag Competition (including 36 knowledge points)
- Android reverse engineering (including 40 knowledge points)
Mainly includingcryptography, JavaSE, C language, C++, Windows reverse engineering, CTF capture the flag competition, Android reverse engineering, etc.
Mainly aimed at those who are already engaged in network security related work and need to improve their knowledge of advanced security architecture.
If you really want to get started with web security through self-study, I suggest you take a look at the following learning roadmap, which details how long to learn each knowledge point and how to learn it. The total self-study time is about half a year, and it is effective in personal testing (there is a surprise at the end of the article) ):
After sorting out your knowledge framework and knowing how to learn, the next step is to fill the framework with content.
We have many choices at this time, such as CSDN, Zhihu, and Bilibili. There are many people sharing their learning materials, but I think there is a big one here. The problem is that they are incoherent and incomplete. Most of the tutorials shared for free are just one piece here and there, with no preface and follow-up. You will get confused as you learn. This is my personal experience after self-study.
If you really want to learn on your own, I can share with you these tutorials that I have compiled and collected. They not only includeweb security, There are also penetration tests and other content, including e-books, interview questions, pdf documents, videos and related courseware Notes, I have already learned them all, like and collect in the comment area and leave a message "Already followed"! You can share it with everyone for free! Friends who can't wait can also kick me directly from the platform! Orfollow me and the background will automatically send it to everyone! After following, please pay attention to the background news!
My advice to my friends is to think clearly, There is no shortcut to self-learning network security. In comparison, system network security is the most economical Cost-effective way, because it can help you save a lot of time and energy costs. Hold on, now that you've been on this road, even though the future may seem difficult, as long as you grit your teeth and persevere, you will eventually get the results you want.
Network security learning materials and tutorials, follow to be automatically sent
Hacking tools & SRC technical documents & PDF books & web security, etc. (can be shared)
Recommended book list:
Computer operating system:
【1】Coding: the language hidden behind computer software and hardware
【2】In-depth understanding of the operating system
【3】In-depth understanding of Windows operating system
【4】Linux kernel and implementation
Programming development category:
【1】 windows programming
【2】windwos core becomes
【3】Linux Programming
【4】Advanced transformation of unix environment
【5】IOS becomes
【6】The first line of code Android
【7】C programming language design
【8】C primer plus
【9】C and pointers
【10】C Expert Programming
【11】C Traps and Defects
【12】Assembly language (Wang Shuang)
【13】java core technology
【14】java programming ideas
【15】Python core programming
【16】Linuxshell script strategy
【17】Introduction to Algorithms
【18】Compilation principle
【19】Practical combat of compilation and decompilation technology
【20】How to clean your code
【21】Code encyclopedia
【22】Detailed explanation of TCP/IP
【23】Rootkit: Lurkers in the gray area of the system
【24】Hacker attack and defense technology guide
【25】Encryption and decryption
【26】C++ disassembly and reverse analysis technology revealed
【27】Web security testing
【28】White hat talks about web security
【29】Proficient in script hacking
【30】Web front-end hacking technology revealed
【31】Applications for programmers
【32】English Writing Handbook: Elements of Style
Special statement:
This tutorial is purely technical sharing! This tutorial is in no way intended to provide technical support to those with ill intentions! We also do not assume any joint liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and take corresponding security measures, thereby reducing the economic losses caused by network security.