Where should network security be learned?
You can study effectively anywhere. However, you should adjust your learning direction to suit your own circumstances, so that you get twice the result with half the effort. The following three learning routes are recommended, each suited to a different group of learners:

Method 1: Learn programming first, and then learn Web penetration and tool use. Suitable for: learners with some coding foundation.

(1) Basic part

The basic part needs to learn the following:

(1.1) Computer network:

Focus on the OSI and TCP/IP models, network protocols, and the working principles of network equipment, and skim the rest.

The recommended book, "How the Internet is Connected" by Hu Genqin, is concise and easy to understand, which makes it a gospel for beginners. If you find it not specialized enough, you can study HTTP: The Definitive Guide from the Turing series.

(1.2) Linux system and commands:

Because 70% of the Web servers on the market run on Linux, if you want to learn how to penetrate Web systems, you should at least be very familiar with Linux and learn the common commands.

Learning suggestion: learn the roughly 10% of commands that cover 90% of working scenarios. It is like office software: master the most commonly used 10% of functions and basic daily use is no problem. When those are not enough, look up the relevant information. There are only 50-60 common Linux commands; many beginners try to swallow everything at once and cannot remember any of it.

Recommended book: Hacker Linux Basics.

(1.3) Web framework:

To become familiar with the Web framework, you only need to know front-end scripting languages such as HTML and JS, with the emphasis on PHP on the back end. Remember not to learn a language the way a developer would. You should at least be able to read PHP code, and being able to write it is better still, but this is not development, not development, not development. Important things are said three times.

Database:

You need to learn SQL syntax, using the commonly used database MySQL to learn the corresponding database syntax as well. It is enough to understand some of the advanced SQL syntax. If you don't have time to learn it completely, it won't affect your subsequent study. After all, you are not a database analyst, so you don't need to learn too much.

(2) Network security

(2.1) Web penetration

Master the principles, exploitation, defense and other key points of the OWASP Top 10 common Web vulnerabilities, and then practice on a practice range (a deliberately vulnerable lab environment). Some beginners may ask where to find material. The suggestion is to buy the more authoritative books directly, study systematically with some free online videos, and then practice on open-source practice ranges.

Recommended book: White Hat Talks About Web Security (by Dao Ge, a white-hat hacker at Alibaba).

Recommended practice ranges: common ones can be found on GitHub. The following are recommended: DVWA, bWAPP, upload-labs-master, SQL-lib-master, WebBug, Pikachu, etc. Some are comprehensive ranges, and some target one specific vulnerability.

(2.2) Tool learning

At the Web penetration stage, you still need to master some necessary tools. There are many videos about Li Li, so choose ones that explain clearly. Don't watch many videos on a single tool: most of them repeat each other and waste time.

Main tools and platforms to master: burp, AWVS, Appscan, Nessus, sqlmap, nmap, shodan, fofa, proxy tools ssrs, hydra, medusa, airspoof, etc. These tools can be practiced on the open-source practice ranges mentioned above, which is enough.

When the practice is almost done, you can go to an SRC platform to penetration-test real sites and see whether you can make a breakthrough. If you need to bypass a WAF, you need to study WAFs specifically; there are not many techniques. Study systematically and then accumulate experience to reach the next level.

(2.2) Automated penetration

Automated penetration requires mastering one language and using it skillfully. It can be any language you already know. If you don't have a good grasp of one, Python is recommended, mainly because it is simple to learn, has many modules, and is convenient for writing scripts and tools.

Although not knowing how to automate penetration will not affect entry and employment, it will affect career development. To learn Python, you don't need to master many unnecessary modules or develop thousands of lines of code. Just write some tools and scripts in Python, from 10 lines to 1-200 lines. Generally speaking, the amount of code is extremely small compared with what developers write. For example, the simplified core of a domain name crawler is 60 lines.

You can learn Python syntax in a few days, or in a day at the fastest, because all languages are interlinked, but the fastest way to learn a language is to write code, and there is no other way. Next, you can try to write some common tools, such as a crawler, port detection, extraction of core packet content, scanning for active intranet hosts and so on; many such code samples can be found on the Internet. Then write some POC and EXP scripts and practice on the practice range. Some readers may ask again: what are POC and EXP? Look it up on Baidu yourself, and get into the good habit of doing so.

(2.3) Code audit

This part requires strong coding ability, so if your coding ability is weak, you can skip it at first without affecting your learning and development on the penetration path.

However, if you want to go further in Web penetration, you need to be proficient in a back-end development language. PHP is recommended, because websites developed in PHP make up the largest share of back ends. Of course, if you are also proficient in Python, ASP, Java and other languages, congratulations, you have a good foundation.

As the name implies, code audit means auditing the source code of other people's websites or systems, and checking whether the system has vulnerabilities by examining the source code or the code environment (this belongs to the category of white-box testing).

So how to study specifically? The specific contents of learning are listed as follows:

Master the dangerous functions and security configuration of PHP;

Become familiar with the process and methods of code audit;

Master 1-2 code auditing tools, such as seay;

Master the commonly used functional audit methods (it is recommended to audit AuditDemo to build your confidence);

General CMS framework audit (difficult).

There is a foreign book, Code Audit: Enterprise Web Code Security Architecture, which you can browse when you have time. It is suggested to find a systematic introductory course. Find AuditDemo on GitHub, download the source code, set it up in a local virtual machine, and then use tools and auditing methods to audit the 10 vulnerabilities in AuditDemo. Their difficulty follows a normal distribution, so they make a good challenge.
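As an added illustration of the first and third items above (dangerous PHP functions, and what an auditing tool automates), the Python sketch below is not from the original page or from any named tool. It flags calls to a constructed, non-exhaustive list of risky PHP functions and marks whether the call is fed by request data through simple assignments; the sink list, `audit_php` and the sample PHP are assumptions made for the example.

```python
import re

# Constructed, non-exhaustive sink list: PHP functions an auditor reviews first.
SINKS = {
    "code execution": ["eval", "assert", "create_function"],
    "command execution": ["system", "exec", "shell_exec", "passthru", "popen", "proc_open"],
    "file inclusion": ["include", "include_once", "require", "require_once"],
    "deserialization": ["unserialize"],
    "file write/upload": ["file_put_contents", "move_uploaded_file"],
    "SQL query": ["mysql_query", "mysqli_query"],
}
CLASS_OF = {name: cls for cls, names in SINKS.items() for name in names}
# Longest names first so include_once is not reported as include; the
# lookbehind skips variables, methods ($db->exec) and longer names (curl_exec).
SINK_RE = re.compile(r"(?<![\w$>])(%s)\s*[(\s]" % "|".join(
    sorted(CLASS_OF, key=len, reverse=True)))
SOURCE_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")
ASSIGN_RE = re.compile(r"(\$\w+)\s*=[^=]")
VAR_RE = re.compile(r"\$\w+")

def audit_php(source):
    """Return (line_no, sink, bug_class, reaches_user_input) per sink call."""
    tainted, findings = set(), []
    for no, raw in enumerate(source.splitlines(), 1):
        line = re.split(r"//|#", raw, maxsplit=1)[0].strip()  # crude comment strip
        m = ASSIGN_RE.match(line)
        rhs = line[m.end(1):] if m else line
        dirty = bool(SOURCE_RE.search(rhs)) or any(
            v in tainted for v in VAR_RE.findall(rhs))
        if m:  # propagate (or clear) taint through simple assignments
            (tainted.add if dirty else tainted.discard)(m.group(1))
        for hit in SINK_RE.finditer(line):
            findings.append((no, hit.group(1), CLASS_OF[hit.group(1)], dirty))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """<?php
$page = $_GET['page'];
include $page . ".php";
$host = "127.0.0.1";
system("ping -c 1 " . $host);
$data = unserialize($_COOKIE['prefs']);
// eval($_GET['x']); disabled
$rows = $db->exec("DELETE FROM t");
"""

if __name__ == "__main__":
    for finding in audit_php(SAMPLE):
        print(finding)
```

Sanitizers such as `intval` are not modelled, so a flagged line is a place to start reading, not a confirmed vulnerability.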

As for CMS framework audit, you can go to the official websites of some CMSs and download historically flawed versions to audit. You can use the official user manual to learn the framework. For example, ThinkPHP version 3.2 has some vulnerabilities, so you can try reading its code. But remember not to dive into the code right away: a CMS framework has a large amount of code, and it is basically incomprehensible without first learning the framework systematically. After learning the framework, you can write a simple POC and audit the framework with tools, following the code audit method. Actually, it is not as difficult as imagined. If you are a developer, congratulations, you already have an inherent advantage in code auditing.

Some people may ask, "My coding is poor, can I skip code auditing?" In fact, code audit is not a prerequisite for learning network security, although it is best to master it. If you can't master it, it won't affect your subsequent study and employment, but you need to choose one area and practice it more professionally, such as Web penetration, intranet penetration, or automated penetration.

(3) Intranet security

Congratulations: if you have learned this far, you can basically take a job related to network security, such as penetration testing, Web penetration, security services, security analysis and so on.

If you want wider employment options and stronger technical competitiveness, you need to go on to learn intranet penetration.

Intranet knowledge is somewhat harder to learn, which has to do with the learning materials and practice ranges currently on the market. The main contents of intranet learning include: intranet information collection, domain penetration, proxy and forwarding technology, application and system privilege escalation, tool learning, antivirus evasion, APT and so on.

You can buy "Intranet Security Attack and Defense: A Practical Guide to Penetration Testing", which is well written. There are few books about intranets in China; take the book's table of contents as the main line and then practice with tools and practice ranges.

Where can you get an intranet practice range? If you are capable enough and have a well-specified computer, you can build an intranet environment with virtual machines, which generally requires more than three virtual machines. You can also look abroad for intranet practice ranges, and paid ranges are an option as well.

(4) Penetration extensions

The penetration extension part is also closely related to specific work and should be mastered as far as possible. It mainly includes log analysis, security hardening, emergency response, classified protection assessment, etc. Of these, focus on mastering the first three. There is not much material on them online, and not many books or organized materials either. You can learn through industry technical groups or materials shared within the industry. Having learned this far, you have basically succeeded, and knowledge such as log analysis, security hardening and emergency response is relatively easy to learn.

Method 2: Learn Web penetration and tools first, and then learn programming. Suitable for: learners with weak or no coding ability and a relatively poor foundation.

The foundation still needs to be laid well: before learning Web penetration, the Linux system, computer networks, a little of the Web framework and databases still need to be mastered in advance.

PHP, automated penetration, code auditing and the like can be left until the end. After learning the earlier material and getting started, it will be relatively easy to pick up a language.

Method 2 is the preferred route. Beginners usually have a weak coding foundation, and many of them get stuck at the early language-learning stage. Method 2 is therefore recommended: it is more interesting and makes it easier to maintain motivation and enthusiasm. The specific learning content is not repeated here; please refer to Method 1.

Method 3: Choose a suitable course. Suitable for: learners who need systematic study and want to strengthen their practical ability.

Decide according to your own conditions: if your self-study ability is poor, it is recommended to choose a course. There are many kinds of courses on all the major online platforms, which can help you get started quickly; you can then improve according to your own shortcomings and finally reach the level you want.

The recommended books are as follows:

Basic stage

Hacker Linux basics (Chinese translation)

Wireshark Network Analysis (Full Scan)

Mastering Regular Expressions (Chinese 3rd edition)

Illustrated HTTP (color edition)

[Introduction to Cryptography]. Yang Xin. Chinese second edition

How the Internet is Connected (Hu Genqin)

[PHP and MySQL programming (fourth edition)] W.Jason.Gilmore

Web penetration stage

Practical Guide to Penetration Test of Network Security Attack and Defense

White hat talks about network security

Web security depth

Automated penetration stage

Python Programming Quick Start: Automating Tedious Work

Code audit stage

Code Audit: Enterprise Web Code Security Architecture

Intranet penetration stage

Intranet security attacks and defenses: a practical guide to penetration testing

Social engineering to prevent phishing fraud