Ask HN: Where to start reading on security?
I'm a CS student right now thinking about specializing in security. The problem I have, however, is that I don't know enough about security to know on which particular areas of security I want to focus. I only know enough to realize that it is in and of itself a quite diverse field.
My question for all the security guys that hang around here is this: what books or blog should I start with if I want a general introduction to the field? I could just wait for the intro level course at my university, but I like to give myself a head start (especially on introductory courses) as I find that the repetition of teaching myself and being taught in class gives me a much more solid foundation in the material.

You're looking for this page on HN: http://news.ycombinator.com/user?id=tptacek
Particularly the link that says "reading list."

Awesome, thanks a ton. The Amazon link is pretty much the mother lode.

To it, I would probably add "The Tangled Web" by Zalewski.

I really liked the "Stealing the Network" book series. While it is fictional, the attacks are very realistic and there is much to learn from, even if it's a bit outdated. For me, understanding the attacker mindset is what makes a good security professional.

I enjoy listening to the Security Now podcast with Steve Gibson. He gives a great overview every week of the security issues/patches/exploits and also goes in depth into a variety of security-related topics. His explanations are always easy to understand and interesting.

It's hard to say this without sounding like one of those condescending security people, but I highly recommend avoiding that guy. http://attrition.org/errata/charlatan/steve_gibson/
To balance that with something constructive, if you are already comfortable with software development, I'd suggest checking out these to get started with playing around:
https://www.corelan.be/index.php/2009/07/19/exploit-writing-... - Part 1, they go to 11.
https://google-gruyere.appspot.com/ - for web app sec

Those are some great links. Do you follow any security-related podcasts? I don't work in security but like to stay relatively up to date.