lca

True lack of freedom is building a cage in your own heart.

How beginners can learn network security

Before learning any technology or body of knowledge, it is necessary to cultivate good learning habits: invest time and energy in research, develop interest and learning ability, and be able to solve problems with search engines. For network security in particular, mastering learning methods matters because the field's knowledge is extensive and complex.

I previously saw a diagram called the "Three Steps to Efficient Work." Can we extend this to "Three Steps to Efficient Learning"? It can also be used to learn knowledge.

Applied to learning, the diagram above can also be divided into three parts: first, think; then, lay out a plan; and finally, review (summarize).

  • First, think
    • What
      • What to do? What are the goals? What are the criteria?
    • Why
      • Why do it? What is the purpose and significance?
    • How
      • How to do it? What is the plan? How many resources are needed?

Applying this to the field of learning network security, the following scenarios can be considered:

  • What?
    • What is a SQL injection vulnerability?
  • Why?
    • Why do SQL injection vulnerabilities occur?
  • How?
    • How to test for a SQL injection vulnerability? How to fix a SQL injection vulnerability?

Thinking before learning, and understanding the basic principles, helps us grasp not only the facts but also the reasons behind them. Students starting to learn network security will meet many concepts and terms that may not be clear, so it is important to understand the basic concepts and terms before starting.

For example, the following is a red team intrusion path diagram from Chaitin, which contains various professional terms. It is recommended to create a personal glossary!

image

Similar to the example below:

image

After thinking, the next step is to start laying out the learning process.

  • Find methods
    • Set up an environment? Practical experience?
  • Gather resources
    • Learn through videos? Attend training courses? Study documents?
  • Review
    • Summarize the knowledge learned

The above roughly outlines the learning method. The specifics can be worked out gradually, as everyone has different learning and living habits.

  1. For learning web basics, you can start with documents, such as the book "Web Security Learning Notes" (https://websec.readthedocs.io/zh/latest/), which provides a good understanding of fundamental knowledge.

image

  2. To learn about vulnerability processes and principles, you can think first about the process.
  • What?
    • Learn about vulnerability processes. What is the goal?
      • Understand the process of vulnerability discovery.
      • What are the criteria? OWASP Top 10.
  • Why?
    • Why learn?
      • It is a fundamental course. A solid foundation is necessary for advancement.
      • Goal: Be able to clearly explain vulnerability processes and principles.
  • How?
    • How to learn?
      • 1. Read books. 2. Watch videos.

Other recommended books

image

CTF books

image

Knowledge about operating systems:

  • Linux
  • Windows

  3. Read network security-related resources.

After understanding the basics, how to continue learning?

  • Follow network security-related content on WeChat public accounts.
  • Subscribe to RSS feeds for network security-related content.
  • Read articles from others to build a network security knowledge system.
  • Learn from GitHub.

During this process, remember to take notes and, if possible, set up a blog to share the learning process. Sharing is also a way of learning.

  4. Practical projects

After understanding the concepts, participate in network security projects to gain practical experience and improve technical skills.

  • Vulnerability playground

Setting up basic environments for penetration testing, red/blue team attack and defense, and code auditing

Recommended educational SRC:

https://src.sjtu.edu.cn/

  5. Join network security communities to learn from and communicate with other professionals in the field, gaining more knowledge and experience.
  • T00ls
  • Others

  6. Certification

Consider obtaining certifications to enhance skills.

  • Information Security Engineer
  • OSCP
  • BSCP