To Sheng Li
Links: https://www.zhihu.com/question/21914899/answer/39344435
Source: Zhihu
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, credit the source.
Web Security Engineer
Web security concepts
Become familiar with the basic concepts (SQL injection, file upload, XSS, CSRF, one-line web shell trojans, etc.).
- Search Google/secwiki for the keywords (SQL injection, file upload, XSS, CSRF, one-line web shell trojan, etc.);
- Read "Proficient script hacker"; it is very old and contains errors, but it still works as an introduction;
- Read some penetration notes and watch some videos to understand the whole penetration process; search Google for terms such as penetration notes, penetration process, intrusion process, etc.;
- 3 weeks
Familiarity with penetration-related tools
Become familiar with the use of Awvs, Sqlmap, Burp, Nessus, Chopper, Nmap, AppScan and other related tools.
- Understand what these tools are for and the scenarios in which they are used; start by searching Google/secwiki for the software name;
- Download the software that is not available for installation;
- Learn them by using them; specific teaching materials can be searched for on Secwiki, for example: Burp tutorial, Sqlmap;
- Once you have learned the few commonly used tools, install Sonic start to assemble them into a penetration toolbox;
- 5 weeks
Hands-on penetration practice
Master every stage of a penetration test and be able to test small sites independently.
- Find penetration videos online, watch them, and think through the ideas and principles behind them; keywords (penetration, SQL injection video, file upload intrusion, database backup, dedecms exploit, etc.);
- Find your own site or build a test environment for testing, and remember to hide yourself;
- Think about which stages a penetration test is divided into and what work each stage requires, for example: PTES (Penetration Testing Execution Standard);
- Study the types of SQL injection, injection theory, and manual injection skills;
- Research the principle of file upload, how to truncate, double-suffix spoofing (IIS, PHP), parsing exploits (IIS, Nginx, Apache), etc.; refer to: Upload attack framework;
- Study how XSS arises and its types; specific learning material can be found through Google/secwiki; refer to: XSS;
- Study the methods and specific use of Windows/Linux privilege escalation; refer to: privilege escalation;
- See also: Open source penetration testing vulnerable systems;
- 1 week
Following security community news
Follow the latest vulnerabilities, security incidents, and technical articles in the security community.
- Browse daily security technical articles/events through Secwiki;
- Follow security practitioners on Weibo/Twitter (when you come across accounts that well-known experts or your friends follow, follow them without hesitation), and make time every day to skim the feed;
- Subscribe to domestic and foreign security technology blogs through feedly/fruit (do not limit yourself to domestic ones, and keep adding sources as you find them); if you have no sources yet, look at the aggregation column on Secwiki;
- Build the habit of actively submitting links to security technical articles to Secwiki every day, so that they accumulate;
- Pay close attention to the latest vulnerability lists; a few recommendations: exploit-db, CVE Chinese Library, Wooyun, and so on; practice on the public vulnerabilities you come across.
- Follow the topics and videos of domestic and international security conferences; Secwiki-conference is recommended.
- 3 weeks
Familiarity with Windows/Kali Linux
Learn the basic commands and common tools of Windows/Kali Linux.
- Become familiar with the common CMD commands under Windows, for example: ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.;
- Become familiar with the common commands under Linux, such as: ifconfig, ls, cp, mv, vi, wget, service, sudo, etc.;
- Become familiar with the common tools of Kali Linux; refer to Secwiki, "Web penetration Testing with Kali Linux", "Hacking with Kali" and so on;
- Become familiar with the Metasploit tools; refer to Secwiki, "Metasploit Penetration Test Guide".
- 3 weeks
Server Security Configuration
Learn how server environments are configured, and be able to find the security issues in a configuration by reasoning about it.
- IIS configuration on Windows 2003/2008: pay special attention to security settings and execution permissions; refer to: secwiki-configuration;
- LAMP security configuration on Linux: mainly consider execution permissions, cross-directory access, folder permissions, etc.; refer to: secwiki-configuration;
- Harden remote access to the system: restrict user name and password login, and restrict ports through iptables;
- Configure a software WAF to strengthen system security, for example by setting up mod_security on the server; see Secwiki-modsecurity;
- Run a security check of the configured environment with Nessus to discover unknown security threats.
- 4 weeks
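A check for the remote-hardening item above (restricting password login and restricting ports through iptables), given as an added example that is not part of the original answer. The sample `sshd_config` and `iptables-save` text are constructed, and the function names and the allowed-port set are assumptions made for illustration.

```python
# Constructed samples (not from a real host): sshd_config and `iptables-save` output.
SSHD_CONFIG = """\
PermitRootLogin yes
#PasswordAuthentication no
"""
IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
# Values sshd uses when a keyword is absent (current OpenSSH defaults).
SSHD_DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_sshd(text):
    """Global settings only: keywords are case-insensitive and the first value wins."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":   # per-user/host overrides are out of scope here
            break
        seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {key: seen.get(key, default) for key, default in SSHD_DEFAULTS.items()}

def input_exposure(rules):
    """Return the INPUT chain policy and the destination ports it explicitly accepts."""
    policy, ports = None, set()
    for line in rules.splitlines():
        tok = line.split()
        if line.startswith(":INPUT "):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"] and tok[-2:] == ["-j", "ACCEPT"] and "--dport" in tok:
            ports.add(tok[tok.index("--dport") + 1])
    return policy, ports

def audit(sshd_text, rules, allowed_ports):
    """List deviations from: no password login, default-drop INPUT, only allowed ports."""
    ssh, (policy, ports) = effective_sshd(sshd_text), input_exposure(rules)
    findings = []
    if ssh["passwordauthentication"] != "no":
        findings.append("sshd: password login is enabled")
    if ssh["permitrootlogin"] == "yes":
        findings.append("sshd: PermitRootLogin is yes")
    if policy != "DROP":
        findings.append(f"iptables: INPUT policy is {policy}, not DROP")
    findings += [f"iptables: unexpected open port {p}" for p in sorted(ports - set(allowed_ports))]
    return findings
```

Calling `audit(SSHD_CONFIG, IPTABLES_SAVE, {"22"})` on the constructed sample reports four findings; a commented-out `PasswordAuthentication no` counts as password login enabled, because sshd falls back to its default.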
Scripting Programming Learning
Choose one of the scripting languages Perl/Python/PHP/Go/Java and learn to program with its common libraries.
- Build a development environment and choose an IDE; for the PHP environment, WAMP and XAMPP are recommended; Sublime is strongly recommended as the IDE; some Sublime tips: secwiki-sublime;
- Learn Python programming; the content includes: syntax, regular expressions, files, networking, multithreading and other common libraries; recommended: "Python core programming", do not read ;
- Use Python to write an exp for a vulnerability, and then write a simple web crawler; see secwiki-crawler, video;
- Learn basic PHP syntax and write a simple blog system; see "PHP and MySQL Program design (4th edition)", video;
- Familiarize yourself with the MVC architecture and try to learn a PHP framework or Python framework (optional);
- Understand layout with Bootstrap or CSS; refer to: secwiki-bootstrap;
- 3 weeks
Source Audit and vulnerability analysis
Be able to analyze script source code independently and find its security issues.
- Become familiar with the dynamic and static methods of source auditing, and know how to analyze a program; see secwiki-Audit;
- Find vulnerability analyses of open source programs on Wooyun and try to analyze them yourself;
- Understand the causes of web vulnerabilities, and then search by keyword for material to analyze; see secwiki-Code Audit, Advanced PHP Application Vulnerability Audit technology;
- Study how web vulnerabilities arise and how to avoid each class of vulnerability at the source level, and organize the results into a checklist.
- 5 weeks
Security system design and development
Be able to build your own security system, and be able to provide security recommendations or a system architecture.
- Develop some practical security gadgets and open-source them to show your personal ability;
- Build your own security system, with your own understanding of and views on a company's security;
- Propose or join the architecture or development of a large security system;
- The rest depends on your own development ~
Safety Testing ===web learning routes for safety penetration