Heya Everyone-
One thing you might check out is O'Reilly Safari
http://safari.oreilly.com. Here you pay a monthly subscription fee
and get access to several books. They have a 14 day trial so you can
try it out. I've found this is a great way to read a lot of books for
less cash. If I really like the book then I usually buy the hard copy
as well. Looks like they currently have 55 books right now
categorized as security books from many different publishers.
As for which books are good it all depends on what kind of security
you're looking at. Here are some of my favorites:
General Hacking Techniques with specific examples:
Hacking Exposed 4th ed
Social Engineering:
The Art of Deception - Kevin Mitnick (also great for policy writing)
Coding Security:
Writing Secure Code 2nd Ed
or
Exploiting Software : How to Break Code (a little more advanced)
Forensics:
Incident Response & Computer Forensics 2nd Edition
Wardriving:
Wardriving Drive, Detect, Defend
Wireless Security:
Maximum Wireless Security
Encryption:
Applied Cryptography
Threat/Risk Anaylsis:
Threat Modeling
Web Security:
Web Security -- Hack Notes (nice quick read, very condenced)
Network Security Monitoring
Snort
The Tao of Network Security
Shell Coding:
Shell Coder's Handbook
Also, if you want to practice web hacking give
http://www.owasp.org/index.jsp a look. You can download WebGoat from
them which will install a jsp server on your local computer with some
webpages to be hacked and some hacking lessons. They also have other
cool tools.
If you want to learn about some free tools look at nmap, nessus,
netcat, achilles, john the ripper, snort, metaspoloit, and kismet.
Another website that I don't believe was mentioned was the Open Source
Vulnerability Database (http://www.osvdb.org). After you get a little
knowledge under your belt you can volunteer with them and this gives
you a great opportunity to look over and learn about all kinds of
vulnerabilities. This volunteer work also counts for experince time
needed for many certifications.
Good luck,
Dave King
http://www.thesecure.net
On Tue, 31 Aug 2004 11:13:59 +0300, linux user <linuxteam@gmail.com> wrote:
Hi All,
Could you please let me know where should i start learning about
network, and web security, I have been using linux mainly for
several years, windows for a couple of years, and solaris from time to
time, I would like to consolidate my knoweldge regarding the above
operatings system through a deep exopsure to security. i am thinking
of books, mailing lists, and training courses, i also stumbled once on
a hacker group that would let you joing if you solve a puzzle, some
kind of message encryption, but i do not remmber the site any more,
the main objective is secure a career in network security.
TIA
ant ant
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
