The scope of network security is very large. Compared with the high threshold and high requirements in binary security and other directions, the Web security system is relatively mature. At this stage, any enterprise with its own website and security needs needs Web security engineers, and The salary is very considerable, so it has become the main development direction for many friends.
If you are also interested in Web security and want to learn more about this aspect, you may wish to collect this Web security study note, with a total of 327 pages and 11 chapters. The article details computer network protocols, information collection, Common vulnerabilities, intranet penetration, imperial technology, etc., the full text is comprehensive and easy to understand, covering zero-based students from < a i=3>Beginner to AdvancedCore knowledge points that need to be mastered,Extremely practical, Interested Friends can take a look.
Table of contents
-
Prologue
-
Computer Networks and Protocols
-
collect message
-
Common vulnerability attacks and defenses
-
Languages and frameworks
-
Intranet penetration
-
defense technology
-
Authentication mechanism
-
Tools and Resources
-
Manual quick reference
-
other
Computer Networks and Protocols
-
Network basics
-
UDP protocol
-
TCP protocol
-
routing algorithm
-
domain name system
-
HTTP standard
-
HTTPS
-
SSL/TLS
-
IPsec
Common vulnerability attacks and defenses
-
SQL injection
-
XSS
-
CSRF
-
SSRF
-
command injection
-
directory traversal
-
file reading
-
File Upload
-
File contains
-
XXE
-
template injection
-
Xpath injection
-
Logical loopholes/business loopholes
-
Configure security
-
middleware
-
Web Cache spoofing attack
-
HTTP request smuggling
Languages and frameworks
-
PHP
-
Python
-
Java
-
JavaScript
-
Golang
-
Ruby
-
ASP
Intranet penetration
-
Information collection - windows
-
persistence - windows
-
domain penetration
-
Information Collection - Linux
-
Persistence - Linux
-
trace cleaning
-
Comprehensive skills
-
Reference link
defense technology
-
Team building
-
Safe development
-
Threat intelligence
-
TO
-
risk control
-
Reinforcement check
-
defensive framework
-
honeypot technology
-
Intrusion detection rules
-
Emergency Response
-
Shuoyuan analysis
Authentication mechanism
-
sso
-
OAuth
-
JHT
-
Kerberos
-
SAML
How to learn hacking & network security
As long as you like my article today, my private network security learning materials will be shared with you for free. Come and see what is available.
1. Learning roadmap
There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the road map above. If you can complete them, you will have no problem getting a job or taking on a private job.
2. Video tutorial
Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself. I have accompanying video explanations for every knowledge point in the roadmap above.
The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.
(They are all packaged into one piece and cannot be expanded one by one. There are more than 300 episodes in total)
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
3. Technical documents and e-books
I also compiled the technical documents myself, including my experience and technical points in participating in large-scale network security operations, CTF, and digging SRC vulnerabilities. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
4. Toolkit, interview questions and source code
"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.
There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.
These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.
Reference analysis: Sangfor official website, Qi’anxin official website, Freebuf, csdn, etc.
Content features: Clear organization and graphical representation to make it easier to understand.
Summary of content: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.