30

I graduated this year and am working in the security domain. I want to explore security topics and don't have a strong background since it was not part of our curriculum. Can you list some good security blogs which explore various security strategies. It could be any kind of security like network security, information security, SOA security, Identity, access, authorization etc.

Note: for developer-oriented resources, see this question:

What security resources should a white-hat developer follow these days?

Community
  • 1
GG01
  • 369
  • 5
  • 7
  • 3
    This seems like a duplicate of [this question][1]. Remember to check the questions already asked - the search function is pretty good. [1]: http://security.stackexchange.com/q/571/485 – Rory Alsop Feb 25 '11 at 10:00
  • @RoryAlsop - It looks like normal markdown coding doesn't work for URLs in comments. Regarding the question, I'm not 100% sure it's really an *exact* duplicate. This seems to be more generalized, whereas the other question specifically seeks to address the needs of *developers*. – Iszi Feb 25 '11 at 14:46
  • 1
    Perhaps this question could be geared for non-coders? – makerofthings7 Feb 28 '11 at 17:26
  • 1
    Coverted to wiki as "List of ..." question... – AviD May 03 '11 at 10:49

16 Answers16

14

If you want to learn more about the security domain, blogs are not where I'd start. I'd start with classic books. Ross Anderson's Security Engineering is an absolute classic, a must-read for anyone in the business. Others may have other suggestions.

As for blogs, here are a few suggestions:

D.W.
  • 98,420
  • 30
  • 267
  • 572
8

For application security, I recommend the OWASP Moderated Application Security News Feed. http://www.owasp.org/index.php/Feed. From the website...

"There are hundreds of bloggers, journalists, hackers, and others who write about application security. The problem is that most of the notes written are simply not very interesting or useful to busy application security professionals. To help with this onslaught of application security news, the OWASP Team reviews over 130 of these sources and produces the OWASP Moderated Application Security News Feed. The OWASP Team only selects high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. We don't post 0-day information and we try to avoid posts that are commercial in nature or promote one company's product or services."

planetlevel
  • 335
  • 1
  • 7
4

I would highly recommend to everyone interested in security/hacking The Open Pentest Bookmarks Collection project.

It's a project collecting all the best sites and dividing them into categories. Also everyone can suggest a site that might be interesting.

For the full list see the wiki page: http://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

chao-mu
  • 2,801
  • 18
  • 22
Tornike
  • 593
  • 1
  • 6
  • 8
2

http://packetstormsecurity.org/ offers a fantastic security blog in addition to exploits, white papers, and other goodies. It is a great resource.

On an (somewhate) unrelated note, I might recommend reading the Security+ test prep book. Taking the test isn't 100% necessary but the book gives you a great overview of many topics in the Security field.

PalmerBomber
  • 347
  • 4
  • 7
  • My virus protection software is flagging the link above as a known web threat. This could be a false-flag, but let the user beware. – Mark Jun 30 '12 at 18:29
  • @Mark - worth checking the settings on your AV. It may be flagging a false positive. – Rory Alsop Jul 02 '12 at 07:41
2

I'll add Naked Security news. Multiple blogger post there, so there are often several new articles a day. They cover all sorts of security topics like malware, spam, social engineering attacks, etc.

Bill the Lizard
  • 6,731
  • 4
  • 19
  • 28
2

The Security Stackexchange Blog is also developing well - providing insight into hot security topics in industry, as well as areas which are in demand by users of this site.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
1

Some of my favorite:

(Disclosure: I work for Varonis and write on the Inside Out Security blog from time to time, but the content is very high quality!)

Rob Sobers
  • 219
  • 1
  • 4
1

Some others not listed here:

Epoch Win
  • 922
  • 2
  • 7
  • 14
1
free_easy
  • 169
  • 1
  • 4
1

Eric Rescorla's blog, not always on security, always enjoyable http://www.educatedguesswork.org/

Bruno Rohée
  • 5,221
  • 28
  • 39
1

All good answers. I would also add:

SANS Internet Storm Center - http://isc.sans.org/

Dancho Danchev - http://ddanchev.blogspot.com/

Bernie White
  • 2,866
  • 17
  • 18
0

Matt Green's blog http://blog.cryptographyengineering.com/ regularly has pretty thorough posts on current cryptographic attacks and protocols. It also has some pretty good discussion of the politics and policy around crypto currently.

puzzlepalace
  • 681
  • 3
  • 11
0

No list is complete without a mention of the twitter-only @SwiftOnSecurity which is something of an infotainment meta-blog, featuring links to current infosec topics (and some, uh "miscellaneous stuff") on a daily basis. The operator also runs a companion how-to site, http://decentsecurity.com/

Jeff Meden
  • 3,966
  • 13
  • 16
0

I would like to recommend SkullSecurity or my blog or FuzzySecurity.

kaidentity
  • 2,634
  • 13
  • 30
0

Voltage Security's blog - http://superconductor.voltage.com/ is one security blog I enjoy reading among other listed here.

Drew Lex
  • 2,013
  • 2
  • 19
  • 24
0

Follow the twitter feeds of community members and open source projects you enjoy. You can start off by going through some of the blogs listed here and adding the feeds of authors. Look at re-tweets to guide expanding the list and prune those who microblog the useless details of their personal lives.

chao-mu
  • 2,801
  • 18
  • 22