Before learning any technology or body of knowledge, it is necessary to cultivate good learning habits, invest time and energy in research, develop interest and learning ability, and be able to solve problems through search engines. Mastering learning methods is especially important for network security, because the field's knowledge is extensive and complex.
I previously saw a diagram called the "Three Steps to Efficient Work". Can we extend it to "Three Steps to Efficient Learning"? The same steps can also be applied to learning.
From the above diagram, we can see that if applied to learning knowledge, it can also be divided into three parts: thinking first, then planning, and finally reviewing (summarizing).
- Thinking first
  - what
    - What to do? What are the goals? What are the criteria?
  - why
    - Why do it? What is the purpose and significance?
  - how
    - How to do it? What is the plan? How many resources are needed?
Applying it to the field of learning network security, the following scenarios can be considered:
- what?
  - What is a SQL injection vulnerability?
- why?
  - Why do SQL injection vulnerabilities occur?
- how?
  - How to test for a SQL injection vulnerability? How to fix a SQL injection vulnerability?
Thinking before learning and understanding the basic principles helps us know not only the facts but also the reasons behind them. Students who are new to network security will meet many concepts and terms that are not yet clear to them, so it is important to understand the basic concepts and terms before starting to learn.
Here is a red team intrusion path diagram from Chaitin, which contains various professional terms. You can create your own glossary of professional terms!
Similar to the following example:
After thinking, you can start planning your learning.
- Find methods
  - Set up an environment? Hands-on practice?
- Gather resources
  - Learn through videos? Attend training courses? Study documents?
- Review and summarize
  - Summarize the knowledge learned
The above content roughly describes the learning method. The specific learning methods can be explored gradually, as everyone has different learning and living habits.
- For learning web basics, you can start with documentation, such as the book Web Security Learning Notes, which can help you learn the fundamental principles.
- Learning vulnerability processes and principles can start with "thinking first".
  - what?
    - Learn the vulnerability process, what is the goal?
      - Understand the process of vulnerability discovery.
      - What are the criteria? OWASP Top 10.
  - why?
    - Why learn?
      - It is a basic course, and a solid foundation is necessary for advancement.
      - Goal: Be able to clearly explain the vulnerability process and principles.
  - how?
    - How to learn?
      - 1. Read books. 2. Watch videos.
Other recommended books
CTF books
Knowledge about operating systems:
- Linux
- Windows

- Read network security-related resources

  After understanding the basics, how can we continue learning?

  - Follow network security-related content on WeChat public accounts.
  - Subscribe to network security-related content through RSS feeds.
  - Read articles by others to build a network security knowledge system.
  - Learn on GitHub.

  During this process, remember to take notes and, if possible, set up a blog to share your learning process. Sharing is also a way of learning.
- Practical projects

  After understanding the concepts, participate in network security projects to gain practical experience and improve technical skills.

  - Vulnerability playground
  - CTF playground
    - CTFShow
    - BUUCTF
    - CTFHub
    - Chaitin Mirror
    - TryHackMe
    - HackTheBox
    - All labs | Web Security Academy
  - SRC vulnerability discovery
    - Recommended SRC education
- Join network security communities to learn from and communicate with other professionals in the field, and gain more knowledge and experience.
  - T00ls
  - Others
- Certification

  Consider obtaining certifications to enhance skills.

  - Information Security Engineer
  - OSCP
  - BSCP