18

I have been working in web development for a fair amount of time. I am looking at developing in either Python (Django etc.) or PHP. I am new to security. Where do I begin looking? What are basic things I should have in mind? Basically, how do I get started with this? Apart from web related security, what do I go through?

Scott Pack
ape
  • Thanks a lot for the answer guys! It looks helpful to go through these sources. – ape May 22 '12 at 07:46

6 Answers

10

There are so many things to do and read that it's impossible to list them all here. However, here is a collection of links to questions on this site to get you started:

user1301428
6

Security is everywhere in this connected world. First of all, you should grab some security-related books to read, such as:

The Tangled Web: A Guide to Securing Modern Web Applications
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
...

You should constantly update your information against this vast field via forums, Twitter, LinkedIn groups, ...

Last but not least, I think you should keep your enthusiasm, your curiosity in every digital system: how it works, how people interact with it, how to break security mechanisms, ...

Good luck!

anhldbk
4

Well both of us are surely in the same boat.

I will simply list down a few things which have helped me a lot in my past few months ever since I ventured into the field of security.

http://www.securitytube.net - you will find great videos which will help in understanding the theory you read elsewhere

http://www.happyhacker.org - Again a great site for good reading stuff.

Visiting security.stackexchange.com regularly and reading the previous posts has also helped me a lot. It is awesome!!

www.metasploit.com & www.backtrack-linux.org - Metasploit and BackTrack are definitely not things to play around with. But any 'beginner' must know of the best-in-business things

www.insecure.org - nmap is another great tool which you will find here and may want to look at. The site also offers other great reading stuff.

www.offensive-security.com - you can save this one for when you feel you are crossing past the 'beginner' stage. They have a great post on Metasploit, and they offer professional courses as well.

Rory Alsop
pnp
4

If you are going for PHP you might like this great book:

http://www.flazx.us/data/00/72/26/08/0072260858/0000.L.jpg

It explains the acts that might expose your application and make it vulnerable.

Also, you might like the "programming" chapter of this book:

http://ecx.images-amazon.com/images/I/61Q68M25K3L._SL500_AA300_.jpg

It's a great start for beginners; it's divided into 4 parts: introduction, programming, networking, cryptography.

HSN
    19 deadly sins [2005] (the first link) has been updated to 24 deadly sins [2009] http://www.amazon.co.uk/Deadly-Sins-Software-Security-Programming/dp/0071626751/ref=pd_cp_b_0 – Cheekysoft May 24 '12 at 14:59
  • Wow, thanks for telling, bro... looks like I need an update; I think I'll get the new version – HSN May 24 '12 at 16:31
3

I did a blog post with a friend (@securityninja) on something similar - http://www.securityninja.co.uk/application-security/random-thoughts-on-education-learning-from-markofu/ - which you might find useful.

Additionally, Robin Wood has recently done some research on this topic. He presented it at BSides London recently and has posted his findings on his blog - http://www.digininja.org/projects/breaking_in_part_1.php.

There's a lot of information so I hope it's of help.

Mark Hillick
1

Where do I begin looking?

Start by looking around you. Security is about people dealing with technology. What are the challenges your friends, family, and peers are having with keeping their information secure? What are some solutions to their problems?

What are basic things I should have in mind?

Information has value that we are trying to protect, but its value is not the same to everyone, and protection takes different forms: confidentiality, integrity, availability. Learn what type of information needs what type of protection. Sometimes the protection is legally required (personal, medical, financial, etc.).

Basically, how do I get started with this?

Read articles or books on security that interest you. Participate in discussions and forums. If you find an area of interest with like-minded people, you won't be able to stop.

Apart from web related security, what do I go through?

Learn about networking, system administration, risk and mitigation, and, most importantly, good written and spoken presentation.

this.josh