Subdivision direction of network security engineers ：
Specialized in penetration testing
Specialized in safety analysis
Specialized in threat analysis
Specialized in forensics
Special maintenance , Reinforcement or something
on the whole , Main work of Network Security Engineer ：1. Analyze the current situation of network 2. In case of network attack or security incident, improve the service to help users recover the system , Investigate and obtain evidence
3. Some network architectures facing customers , Propose reasonable network security solutions 4. Responsible for coordinating a customized implementation of the solution , Deployment and development, etc .
Work of penetration test engineer ： It mainly focuses on network security and defense . First of all, have a certain understanding of the maintained site or network, that is, information collection ; Analyze the information obtained and get the general defense situation of the network ; Then it analyzes the vulnerability of the network , Generally, it includes vulnerabilities in the province of the system , Software vulnerabilities , Code level vulnerabilities ; Find loopholes for penetration （ Main technical application links ）; Then, after penetrating （ Enter server ） Steal information out to bypass security equipment ; Finally, eliminate the trace , Can't be Forensics .
Therefore, the network engineer in the direction of penetration is to simulate hackers , Attack the target server or network , This is a white box test （ The penetration engineer knows the relevant information of the site ）, Hack into the internal network or server with your own means , Finally, a report shall be given to Party A , The report points out the means of attack , It is recommended to deploy relevant products , It is suggested to take relevant measures to defend .
By a website
Small vulnerabilities began to gradually use various technical means to win the server corresponding to the website （ The website is built on the server ）. Upload the Trojan horse to the target server and execute it successfully , You can successfully win the target server . The essence of penetration testing is information collection .
1） Systematic learning penetration test process from simple to deep ： To get the password , Get administrator privileges , Get the highest permission of the target , Obtain all controllable permissions of the target intranet as an example
2） Master the principle of mainstream vulnerabilities , Utilization method ： injection , Cross Station , read , Ultra vires , upload , Request Forgery
3） Learning loopholes, mining thinking methods , Start vulnerability mining training for selected targets