Original: http://www.zhihu.com/question/21914899
Web security related concepts
Become familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, the one-sentence trojan (a minimal webshell), etc.).
Search Google/SecWiki for the keywords (SQL injection, file upload, XSS, CSRF, one-sentence trojan, etc.);
Read "Proficient Script Hacker"; it is very old and contains errors, but it still works as an introduction;
Watch some penetration notes/videos to understand the whole penetration process; search for "penetration notes", "penetration process", "intrusion process", etc.;
3 weeks
Familiarity with penetration-related tools
Become familiar with Awvs, Sqlmap, Burp, Nessus, Chopper, Nmap, AppScan and similar tools.
Learn what each tool does and in which scenarios it is used; start by searching Google/SecWiki for the software name;
Download and install any of the tools you do not already have;
Study and use them; tutorials can be found on SecWiki, for example: Burp tutorial, Sqlmap;
Once you have learned the handful of tools you actually use, put them in Sonic Start (a program launcher) to build your own penetration toolbox;
5 weeks
Hands-on penetration
Master every stage of a penetration test and be able to test small sites independently.
Watch penetration videos online and think about the ideas and principles behind them; keywords: penetration, SQL injection video, file upload intrusion, database backup, dedecms exploit, etc.;
Find a site of your own or build a test environment to practise on; remember to hide yourself;
Think about which stages a penetration test is divided into and what work each stage requires, for example: PTES, the Penetration Testing Execution Standard;
Study the types of SQL injection, the theory behind injection, and manual injection techniques;
Study how file upload vulnerabilities work: truncation, double-suffix spoofing (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc.; refer to: Upload attack framework;
Study how XSS arises and its types; search Google/SecWiki, and refer to: XSS;
Study privilege escalation methods on Windows/Linux and how they are used; refer to: privilege escalation;
For practice targets, refer to: open source vulnerable systems for penetration testing;
1 week
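The double-suffix and truncation items above describe how naive upload filters are bypassed. The following added example (not from the original answer) puts a blacklist-based check next to a hardened whitelist check in Python and runs both over constructed sample uploads; the whitelist, the magic-byte table and the sample filenames are assumptions chosen for the demo.

```python
import os
import re
import secrets

# Constructed sample uploads for the demo: (client-supplied filename, first bytes of content).
SAMPLE_UPLOADS = [
    ("photo.jpg", b"\xff\xd8\xff\xe0"),             # genuine JPEG
    ("shell.php", b"<?php"),                         # rejected by both checks
    ("shell.php.jpg", b"<?php"),                     # double suffix: slips past a last-extension blacklist
    ("shell.php\x00.jpg", b"<?php"),                 # null-byte truncation attempt
    ("shell.phP", b"<?php"),                         # case trick against a case-sensitive blacklist
    ("../../etc/passwd.jpg", b"\xff\xd8\xff\xe0"),   # directory traversal in the name
]

# The weak filter: a blacklist of dangerous extensions (assumed for the demo).
BLACKLIST = {".php", ".asp", ".jsp"}

# The hardened filter: a whitelist mapping each allowed extension to its magic bytes (assumed).
ALLOWED = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}
# One stem, exactly one extension, nothing but safe characters (names are lower-cased first).
SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.[a-z]{3,4}$")


def naive_accepts(filename):
    """Blacklist the last extension only: this is the check the bypasses above defeat."""
    ext = os.path.splitext(filename)[1]
    return ext not in BLACKLIST


def hardened_accept(filename, head):
    """Return the server-side storage name for an accepted upload, or None if rejected."""
    # 1. Control characters and null bytes have no place in a filename.
    if any(ord(c) < 32 for c in filename):
        return None
    # 2. Discard any directory component the client supplied, normalise case.
    base = os.path.basename(filename.replace("\\", "/")).lower()
    # 3. Exactly one extension, so "shell.php.jpg" cannot pass.
    if not SAFE_NAME.match(base):
        return None
    ext = os.path.splitext(base)[1]
    if ext not in ALLOWED:
        return None
    # 4. The content must look like the type the extension claims.
    if not head.startswith(ALLOWED[ext]):
        return None
    # 5. Never store under the client's name: a random name defeats parser tricks.
    return secrets.token_hex(16) + ext


def compare(uploads=SAMPLE_UPLOADS):
    """For each sample: (accepted by the naive check, accepted by the hardened check)."""
    return {name: (naive_accepts(name), hardened_accept(name, head) is not None)
            for name, head in uploads}


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(repr(name), verdict)
```

Note that the traversal sample is accepted by the hardened check too: the path is stripped and the file is stored under a random name, so only the content decides.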
Follow security community news
Keep up with the latest vulnerabilities, security incidents and technical articles in the security community.
Browse the daily security technical articles/events on SecWiki;
Follow security practitioners on Weibo/Twitter (when you come across a well-known expert, follow them and the people they follow without hesitation); set aside time every day to read;
Subscribe to domestic and foreign security technology blogs with Feedly/Xianguo (not only domestic ones; pay attention and accumulate over time); if you have no sources, look at SecWiki's aggregation column;
Make it a habit to submit links to security technical articles to SecWiki every day, to build up your own collection;
Pay attention to the latest vulnerability lists; recommended: exploit-db, the CVE Chinese library, Wooyun, etc.; practise on the public vulnerabilities you come across.
Follow the topics or videos of domestic and international security conferences; recommended: SecWiki-Conference.
3 weeks
Familiarity with Windows/Kali Linux
Learn the basic commands and common tools of Windows/Kali Linux.
Become familiar with common Windows CMD commands, for example: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
Become familiar with common Linux commands, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
Become familiar with the common tools in Kali Linux; refer to SecWiki, "Web Penetration Testing with Kali Linux", "Hacking with Kali", etc.;
Become familiar with Metasploit; refer to SecWiki and the "Metasploit Penetration Testing Guide".
3 weeks
Server security configuration
Learn how server environments are configured, and think through where security problems come from in the configuration.
IIS configuration on Windows 2003/2008; pay special attention to security settings and execution permissions; refer to: secwiki-configuration;
Security configuration of LAMP on Linux, mainly considering execution permissions, directory traversal and folder permissions; refer to: secwiki-configuration;
Hardening of remote systems: restrict which users may log in and whether passwords are accepted, and restrict ports with iptables;
Configure a software WAF such as mod_security on the server to strengthen system security; see Secwiki-modsecurity;
Run a security scan of the configured environment with Nessus to find security threats you were not aware of.
4 weeks
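As an added example for the remote-system hardening item (not part of the original answer), this Python snippet audits a constructed sshd_config fragment for the login restrictions mentioned above and generates a default-deny iptables INPUT ruleset from a list of allowed TCP ports. The configuration text, the user name and the port list are constructed samples; the iptables options used are the standard ones.

```python
# Constructed sshd_config fragment with weak settings (not taken from any real host).
WEAK_SSHD_CONFIG = """
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# The same fragment after acting on the audit findings (constructed).
HARDENED_SSHD_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers deploy
"""


def parse_sshd_config(text):
    """Parse sshd_config text into {directive: value}.

    sshd applies the first occurrence of each directive, skips blank lines and
    comments, and treats directive names case-insensitively; this parser does the same.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit_sshd(text):
    """Return findings for the login restrictions the roadmap asks for."""
    s = parse_sshd_config(text)
    findings = []
    # OpenSSH defaults to prohibit-password when the directive is absent.
    if s.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin permits root password login; set 'PermitRootLogin no'")
    # The default is yes, so an absent directive is also a finding.
    if s.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is enabled; use keys and set it to 'no'")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("No AllowUsers/AllowGroups: every local account may attempt SSH login")
    return findings


def iptables_rules(tcp_ports):
    """Generate a default-deny INPUT chain that only exposes the given TCP ports.

    The DROP policy is emitted last so the ACCEPT rules are already in place when
    the default flips; applying the policy first would cut off the SSH session
    used to apply the rest.
    """
    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port in sorted(set(tcp_ports)):
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port}")
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT")
    rules.append("iptables -P INPUT DROP")
    return rules


if __name__ == "__main__":
    for finding in audit_sshd(WEAK_SSHD_CONFIG):
        print("finding:", finding)
    print("hardened config findings:", audit_sshd(HARDENED_SSHD_CONFIG))
    print("\n".join(iptables_rules([22, 80, 443])))
```

The generated lines are meant to be reviewed and saved with the distribution's persistence mechanism; they are not executed by the script.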
Scripting and programming
Pick one scripting language from Perl/Python/PHP/Go/Java and learn to program with its common libraries.
Set up a development environment and choose an IDE; for PHP, WAMP and XAMPP are recommended, and Sublime is strongly recommended as the IDE; some Sublime tips: secwiki-sublime;
Learn Python programming: syntax, regular expressions, files, networking, multithreading and other common libraries; "Python Core Programming" is recommended, but there is no need to read it cover to cover;
Write an exploit for a vulnerability in Python, then write a simple web crawler; see secwiki-crawler, video;
Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Program Design (4th edition)", video;
Get to know the MVC architecture and try learning a PHP or Python framework (optional);
Understand Bootstrap or CSS layout; refer to: secwiki-bootstrap;
3 weeks
Source code audit and vulnerability analysis
Be able to independently analyse script source code and find security problems.
Become familiar with dynamic and static source code audit methods and know how to analyse a program; see secwiki-Audit;
Find vulnerability analyses of open source programs on Wooyun and try to analyse them yourself;
Understand the causes of web vulnerabilities, then search by keyword for analyses; see secwiki-Code Audit and "Advanced PHP Application Vulnerability Audit Technology";
Study how web vulnerabilities form and how to avoid each class at the source level, and organise the results into a checklist.
5 weeks
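The source-level checklist item above is illustrated by the following added example (not from the original answer): a login query assembled with string formatting beside the parameterised version, both run against a constructed in-memory SQLite table, plus a tiny static check of the kind a code audit automates. The table contents and the audit regex are assumptions for the demo.

```python
import inspect
import re
import sqlite3


def make_db():
    """In-memory users table with constructed rows for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    """Assembles the query from user input: the root cause of SQL injection."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchall()


def login_fixed(conn, name, password):
    """Bound parameters: user input is data and can never alter the query structure."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


# Static audit pattern (assumed for the demo): an SQL keyword inside an f-string,
# or a quoted SQL string followed by % formatting or + concatenation.
DYNAMIC_SQL = re.compile(
    r"""(f["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b.*\{)"""
    r"""|(\b(SELECT|INSERT|UPDATE|DELETE)\b.*["']\s*(%|\+))""",
    re.IGNORECASE,
)


def audit_source(func):
    """Report (line number, line) pairs where SQL text is built dynamically."""
    hits = []
    for lineno, line in enumerate(inspect.getsource(func).splitlines(), 1):
        if DYNAMIC_SQL.search(line):
            hits.append((lineno, line.strip()))
    return hits


if __name__ == "__main__":
    db = make_db()
    # Constructed test input: a single quote closes the string and the rest becomes SQL.
    probe = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "alice", probe))   # every row comes back
    print("fixed:     ", login_fixed(db, "alice", probe))        # no row matches that password
    print("audit hits:", audit_source(login_vulnerable))
    print("audit hits:", audit_source(login_fixed))
```

The audit function is intentionally a line-based regex so the checklist entry it implements is obvious; a real audit would follow data flow from request parameters to the query, which is what the dynamic methods in the list above add.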
Security system design and development
Be able to build your own security system and offer security recommendations or system architecture.
Develop some practical security gadgets and open-source them, to show personal ability;
Build your own security system and form your own knowledge and views on the company's security;
Propose, or join in, the architecture or development of a large security system;