Before learning any technology or knowledge, it is necessary to cultivate good learning habits, invest time and energy in research, develop interest and learning ability, and be able to solve problems through search engines. For learning network security, it is important to master learning methods because its knowledge is extensive and complex.
I previously saw a diagram called the "Three Steps to Efficient Work." Can we extend this to "Three Steps to Efficient Learning"? It can also be used to learn knowledge.
Applied to learning, the diagram above can also be divided into three parts: first, think; then, lay out; and finally, review (summarize).
- First, think
  - What
    - What to do? What are the goals? What are the criteria?
  - Why
    - Why do it? What is the purpose and significance?
  - How
    - How to do it? What is the plan? How many resources are needed?
Applying this to the field of learning network security, the following scenarios can be considered:
- What?
  - What is an SQL injection vulnerability?
- Why?
  - Why does an SQL injection vulnerability occur?
- How?
  - How to test for an SQL injection vulnerability? How to fix an SQL injection vulnerability?
Thinking before learning and understanding the basic principles helps us grasp not only the facts but also the reasons behind them. Students starting out in network security will meet many concepts and terms that are not yet clear, so it is important to understand the basic concepts and terms before starting to learn.
For example, the following is a red team intrusion path diagram from Chaitin, which contains various professional terms. It is recommended to create a personal glossary!
Similar to the example below:
After thinking, the next step is to start laying out the learning process.
- Find methods
  - Set up an environment? Practical experience?
- Gather resources
  - Learn through videos? Attend training courses? Study documents?
- Review
  - Summarize the knowledge learned
The above content roughly outlines the learning methods. The specific learning methods can be explored gradually, as everyone has different learning and living habits.
- For learning web basics, you can start with documents, such as the book "Web Security Learning Notes" (https://websec.readthedocs.io/zh/latest/), which provides a good understanding of fundamental knowledge.
- To learn about vulnerability processes and principles, you can think first about the process.
  - What?
    - Learn about vulnerability processes. What is the goal?
      - Understand the process of vulnerability discovery.
    - What are the criteria? OWASP Top 10.
  - Why?
    - Why learn?
      - It is a fundamental course. A solid foundation is necessary for advancement.
      - Goal: Be able to clearly explain vulnerability processes and principles.
  - How?
    - How to learn?
      - 1. Read books. 2. Watch videos
Other recommended books
CTF books
Knowledge about operating systems:
- Linux
- Windows
- Read network security-related resources.
  After understanding the basics, how to continue learning?
  - Follow network security-related content on WeChat public accounts.
  - Subscribe to RSS feeds for network security-related content.
  - Read articles from others to build a network security knowledge system.
  - Learn from GitHub.
During this process, remember to take notes and, if possible, set up a blog to share the learning process. Sharing is also a way of learning.
- Practical projects
  After understanding the concepts, participate in network security projects to gain practical experience and improve technical skills.
  - Vulnerability playground
  - CTF playgrounds
    - CTFShow
    - BUUCTF
    - CTFHub
    - Chaitin Cloud Mirror
    - TryHackMe
    - HackTheBox
    - All labs | Web Security Academy
  - SRC vulnerability discovery
    Recommended educational SRC:
- Join network security communities to learn from and communicate with other professionals in the field, gaining more knowledge and experience.
  - T00ls
  - Others
- Certification
  Consider obtaining certifications to enhance skills.
  - Information Security Engineer
  - OSCP
  - BSCP