Hi everyone, this is Jay Chou.
Next, I will write a series of articles to sort out detailed learning steps and learning resource recommendations for network security.
Today's theme is-Web Security.
Web security is a very important part of network penetration. Today I will talk to you about how to master web security from a zero basis in three months.
The first month
first week of : HTML+CSS, learn basic web page format, learn to write basic web pages, forms, learn to use browser F12 to check elements, view source code
Recommended learning address:
second week : JavaScript basics, learn basic web programming, and combine with the knowledge of the first week
Recommended learning address: https://www.runoob.com/js/js-tutorial.html
third week : Learn HTTP protocol, understand the working principle of the Web, supplemented by the use of the packet capture software Wireshark, and learn HTTP in actual packet capture
Recommended study books:
HTTP:
Wireshark :
Week 4 : Learn about web servers, nginx and apache, learn to deploy and build a static website by yourself, and learn to view web logs.
Recommended learning address:
By the end of this first month, you already have basic web front-end knowledge.
Second month
Week 5 : Learn about dynamic web technology, the difference between CGI/Fast-CGI/PHP, and start to get in touch with PHP programming, and learn to handle simple web requests.
Recommended learning address:
Sixth week : Comprehensively learn PHP back-end development, master basic request processing, learn MySQL use, learn interface development, learn PHP framework and common CMS
Recommended learning address:
Seventh week : Learn about Cookie, Session, JWT and other technologies in Web development, front-end Storage, and learn what is cross-domain and what is CORS.
Recommended learning address: https://www.cnblogs.com/l199616j/p/11195667.html
https://blog.csdn.net/weixin_43893935/article/details/108385016
Week 8 : Learn about other web back-end development languages and frameworks, Python (Django/Flask), Java (SSM), C#···
recommended learning address:
By the end of the second month, you already have basic knowledge of the web backend.
The third month
Week 9 : Learn Linux operating system, system log, authority management, user management, firewall
Recommended study books:
Week 10 : Learn the core technologies of Web security: SQL injection, XSS attack, CSRF, file upload, one-sentence Trojan, WebShell
Recommended study books:
Week : Learn classic web frameworks and web application vulnerability attacks, learn social engineering, Google Hacking, and intelligence collection
Twelfth week : Learn the penetration testing framework and commonly used tools MetaSploit, Cobalt Strike, nmap, sqlmap...
Recommended learning address: MetaSploit: Full set of video https://www.bilibili.com/video/BV1MM4y1N7zp
Cobalt Strike:
https://blog.csdn.net/qq_26091745/article/details/98097401
By the end of the third month, you have the basic abilities of a basic Web security novice.
In the above content, you may have questions: will learn this in a week?
For example, learning Linux, we focus on using it. As for the lower-level technical knowledge of the Linux operating system, what memory management mechanism, and the principle of process threads, we don’t need to expand at this stage.
Another example is PHP learning. I really need to learn it carefully. It is enough to spend three months in it, but we can’t do this. Learn the basic grammar, be able to develop simple back-end programs, and understand what PHP back-end development is all about. , Just what the working principle is.
In short, when you first learn, don't get caught up in the details, but grasp the overall situation, otherwise you will easily get lost and be dissuaded.
What kind of learning route and resource recommendation do you want to see, or any confusion, welcome to tell me in the comment area, the most popular will be arranged in the next tweet.
Hi everyone, this is Jay Chou.
Next, I will write a series of articles to sort out detailed learning steps and learning resource recommendations for network security.
Today's theme is-Web Security.
Web security is a very important part of network penetration. Today I will talk to you about how to master web security from a zero basis in three months.
The first month
first week of : HTML+CSS, learn basic web page format, learn to write basic web pages, forms, learn to use browser F12 to check elements, view source code
Recommended learning address:
second week : JavaScript basics, learn basic web programming, and combine with the knowledge of the first week
Recommended learning address: https://www.runoob.com/js/js-tutorial.html
third week : Learn HTTP protocol, understand the working principle of the Web, supplemented by the use of the packet capture software Wireshark, and learn HTTP in actual packet capture
Recommended study books:
HTTP:
Wireshark :
Week 4 : Learn about web servers, nginx and apache, learn to deploy and build a static website by yourself, and learn to view web logs.
Recommended learning address:
By the end of this first month, you already have basic web front-end knowledge.
Second month
Week 5 : Learn about dynamic web technology, the difference between CGI/Fast-CGI/PHP, and start to get in touch with PHP programming to learn to handle simple web requests.
Recommended learning address:
Sixth week : comprehensively learn PHP back-end development, master basic request processing, learn MySQL use, learn interface development, learn PHP framework and common CMS
Recommended learning address:
Week 7 : Learn about Cookie, Session, JWT and other technologies in web development, front-end Storage, and learn what is cross-domain and what is CORS.
Recommended learning address: https://www.cnblogs.com/l199616j/p/11195667.html
https://blog.csdn.net/weixin_43893935/article/details/108385016
Week 8 : Learn about other web back-end development languages and frameworks, Python (Django/Flask), Java (SSM), C#···
recommended learning address:
By the end of the second month, you already have basic knowledge of the web backend.
The third month
Week 9 : Learn Linux operating system, system log, authority management, user management, firewall
Recommended study books:
Week 10 : Learn the core technologies of Web security: SQL injection, XSS attack, CSRF, file upload, one-sentence Trojan, WebShell
Recommended study books:
Week : Learn about classic web frameworks and web application vulnerability attacks, learn about social engineering, Google Hacking, and intelligence gathering
Twelfth week : Learn the penetration testing framework and commonly used tools MetaSploit, Cobalt Strike, nmap, sqlmap...
Recommended learning address: MetaSploit: Full set of video https://www.bilibili.com/video/BV1MM4y1N7zp
Cobalt Strike:
https://blog.csdn.net/qq_26091745/article/details/98097401
By the end of the third month, you have the basic abilities of a basic web security novice.
In the above content, you may have questions: will learn this in a week?
For example, learning Linux, we focus on using it. As for the lower-level technical knowledge of the Linux operating system, what memory management mechanism, and the principle of process threads, we don’t need to expand at this stage.
Another example is PHP learning. I really need to learn it carefully. It is enough to spend three months in it, but we can’t do this. Learn the basic grammar, be able to develop simple back-end programs, and understand what PHP back-end development is all about. , Just what the working principle is.
In short, when you first learn, don't get caught up in the details, but grasp the overall situation, otherwise you will easily get lost and be dissuaded.
What kind of learning route and resource recommendation do you want to see, or any confusion, welcome to tell me in the comment section, the most popular will be arranged in the next tweet.
Welfare
[High-definition PDF electronic version of this book]
Collecting and sorting is not easy, welcome to like and forward support, I thank you in advance.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。