Hacker News new | ask | show | jobs
Ask HN: Where to start reading on security?
4 points by mjdwitt 5260 days ago
I'm a CS student right now thinking about specializing in security. The problem I have, however, is that I don't know enough about security to know on which particular areas of security I want to focus. I only know enough to realize that it is in of itself a quite diverse field.

My question for all the security guys that hang around here is this: what books or blog should I start with if I want a general introduction to the field? I could just wait for the intro level course at my university, but I like to give myself a head start (especially on introductory courses) as I find that the repetition of teaching myself and being taught in class gives me a much more solid foundation in the material.
3 comments
mechanical_fish 5260 days ago
You're looking for this page on HN:

http://news.ycombinator.com/user?id=tptacek

Particularly the link that says "reading list."

link
mjdwitt 5260 days ago
Awesome, thanks a ton. The Amazon link is pretty much the mother lode.
link
tptacek 5259 days ago
To it, I would probably add "The Tangled Web" by Zalewsky.
link
yuvalo 5259 days ago
I really liked the "Stealing the network" book series. While it is fictional, the attacks are very realistic and there is much to learn from, even if its a bit outdated.

For me, understanding the attacker mindset is what makes a good security professional.

link
dtromero 5259 days ago
I enjoy listening to the Security Now podcast with Steve Gibson. He gives a great overview every week of the security issues/patches/exploits and also goes in depth into a variety of security related topics. His explanations are always easy to understand and interesting.

http://www.grc.com/securitynow.htm

link
lawnchair_larry 5259 days ago
It's hard to say this without sounding like one of those condescending security people, but I highly recommend avoiding that guy.

http://attrition.org/errata/charlatan/steve_gibson/

To balance that with something constructive, if you are already comfortable with software development, I'd suggest checking out these to get started with playing around:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-... - Part 1, they go to 11.

https://google-gruyere.appspot.com/ - for web app sec

link
dtromero 5256 days ago
Those are some great links. Do you follow any security related podcasts? I don't work in security but like to stay relatively up to date.
link