Security Basics mailing list archives
Re: starting
From: krymson () gmail com
Date: 21 Feb 2008 22:13:12 -0000
This really depends on knowing yourself a bit, first. What do you already know? What are you interested in? What do you want to know to strive for? Getting a focus isn't something you *have* to do, but it certainly helps to have some areas you can say you're good at, and maintain many of the other areas beyond it. Trying to be good at all aspects of security will burn you out (unless you're 14 and have 8 years more of little responsibility!).

I'd suggest people starting out gravitate first towards sources that blitz you with information. The Hacking Exposed series, in particular the main tome [1], is a great resource to blitz many topics. Not only does it blitz them, but it can be actionable in bite-size doses.

Beyond that, branch out either into the network, desktops, servers, programming, Windows, Linux, web apps, database, wireless, mobile. The area with the least barriers to entry may be the web app space these days. For that, check out OWASP, get involved in a group if you have one local. Desktops are also a common starting point, jobwise.

Sign up for several security blog RSS feeds and see what they talk about; find out if you prefer rubbing shoulders with analysts, managers, or the guys in the trenches. Don't just read! Comment and ask questions. A good single starting point is the Security Bloggers Network [2], but be open to adding people they link to, or commenter blogs that are not actively a part of that circle. Browse their link menus.

If you prefer people more trenchlike, try Hak5's forums, perhaps? [3] If you prefer slightly more professional forums, give the SecurityCatalyst forums a try. [4]

Attend a relatively inexpensive con to see firsthand some of the security culture. I suggest Defcon or Shmoocon to start out.

Get a lab with some test systems. If you want to learn or are interested in web app sec, put up an IIS and Apache server each, put some pages on them. A huge part of being able to secure (or break!) things in our area is first knowing how to administrate them. Get hands on, screw things up, fix them, tinker, play, be curious. Same thing goes for the other areas.

Participate and ask questions. While places like the Full-Disclosure mailing list and some forums can be abrasive and abusive at times with heckler/troll kids hiding in the shadows, it does help to just be a part of the community rather than a silent lurker. Even if you're wrong, you'll be learning, and the people that matter truly do understand that.

Someday you'll find that you've turned a corner and are no longer asking questions, but giving other people the answers. :)

[1] http://www.amazon.com/Hacking-Exposed-5th/dp/0072260815/ref=pd_bbs_2?ie=UTF8&s=books&qid=1203632287&sr=8-2
[2] http://networks.feedburner.com/Security-Bloggers-Network
[3] http://www.hak5.org
[4] http://www.securitycatalyst.org/forums/

<- snip ->

Hi! This is my first mail in this list. Sorry for being too "noob" but I want to start reading and learning about security holes, exploits, how to fix it or take advantage of them... well, anything about web servers, proxies, networks, etc., and I don't know where to start. Can someone please recommend me some good text, book or web page? Many thanks, cheers!