lca

True unfreedom is the cage you build in your own heart.

How Beginners Can Learn Network Security

Before learning any technology or body of knowledge, it is necessary to cultivate good learning habits, invest time and energy in research, develop interest and learning ability, and be able to solve problems with search engines. This matters especially for network security, because the field is extensive and complex, so mastering how to learn is important.

I previously saw a diagram called the "Three Steps to Efficient Work". Can we extend it to "Three Steps to Efficient Learning"? It can also be used to learn knowledge.

image

From the above diagram, we can see that if applied to learning knowledge, it can also be divided into three parts: thinking first, then planning, and finally reviewing (summarizing).

  • Thinking first
    • what
      • What to do? What are the goals? What are the criteria?
    • why
      • Why do it? What is the purpose and significance?
    • how
      • How to do it? What is the plan? How many resources are needed?

Applying it to the field of learning network security, the following scenarios can be considered:

  • what?
    • What is a SQL injection vulnerability?
  • why?
    • Why do SQL injection vulnerabilities occur?
  • how?
    • How do you test for a SQL injection vulnerability? How do you fix one?

Thinking before learning, and understanding the basic principles, helps us know not only the facts but also the reasons behind them. Students who are new to network security will meet many concepts and terms that may not be clear, so before starting to learn, it is important to understand the basic concepts and terms.

Here is a red team intrusion path diagram from Chaitin, which contains various professional terms. You can create your own glossary of professional terms!

image

Similar to the following example:

image

After thinking, you can start planning your learning.

  • Find methods
    • Set up an environment? Hands-on practice?
  • Gather resources
    • Learn through videos? Attend training courses? Study documents?
  • Review and summarize
    • Summarize the knowledge learned

The above content roughly describes the learning method. The specific learning methods can be explored gradually, as everyone has different learning and living habits.

  1. For learning web basics, you can start with documentation, such as the book Web Security Learning Notes, which can help you learn the fundamental principles.

image

  2. Learning vulnerability processes and principles can start with "thinking first".
  • what?
    • Learn the vulnerability process, what is the goal?
      • Understand the process of vulnerability discovery.
      • What are the criteria? OWASP Top 10.
  • why?
    • Why learn?
      • It is a basic course, and a solid foundation is necessary for advancement.
      • Goal: Be able to clearly explain the vulnerability process and principles.
  • how?
    • How to learn?
      • 1. Read books. 2. Watch videos.

Other recommended books

image


CTF books

image


Knowledge about operating systems:

  • Linux
  • Windows

  3. Read network security-related resources

After understanding the basics, how can we continue learning?

  • Follow network security-related content on WeChat public accounts.
  • Subscribe to network security-related content through RSS feeds.
  • Read articles by others to build a network security knowledge system.
  • Learn on GitHub.

During this process, remember to take notes and, if possible, set up a blog to share your learning process. Sharing is also a way of learning.

  4. Practical projects

After understanding the concepts, participate in network security projects to gain practical experience and improve technical skills.

  • Vulnerability playground

Recommended: the education SRC

https://src.sjtu.edu.cn/

  5. Join network security communities to learn from and communicate with other professionals in the field, and gain more knowledge and experience.
  • T00ls
  • Others
  6. Certification

Consider obtaining certifications to enhance skills.

  • Information Security Engineer
  • OSCP
  • BSCP