
Ask HN: Where to start reading on security? - mjdwitt
I'm a CS student right now thinking about specializing in security. The problem I have, however, is that I don't know enough about security to know on which particular areas of security I want to focus. I only know enough to realize that it is in of itself a quite diverse field.<p>My question for all the security guys that hang around here is this: what books or blog should I start with if I want a general introduction to the field? I could just wait for the intro level course at my university, but I like to give myself a head start (especially on introductory courses) as I find that the repetition of teaching myself and being taught in class gives me a much more solid foundation in the material.
======
mechanical_fish
You're looking for this page on HN:

<http://news.ycombinator.com/user?id=tptacek>

Particularly the link that says "reading list."

~~~
mjdwitt
Awesome, thanks a ton. The Amazon link is pretty much the mother lode.

~~~
tptacek
To it, I would probably add "The Tangled Web" by Zalewsky.

------
yuvalo
I really liked the "Stealing the network" book series. While it is fictional,
the attacks are very realistic and there is much to learn from, even if its a
bit outdated.

For me, understanding the attacker mindset is what makes a good security
professional.

------
dtromero
I enjoy listening to the Security Now podcast with Steve Gibson. He gives a
great overview every week of the security issues/patches/exploits and also
goes in depth into a variety of security related topics. His explanations are
always easy to understand and interesting.

<http://www.grc.com/securitynow.htm>

~~~
lawnchair_larry
It's hard to say this without sounding like one of those condescending
security people, but I highly recommend avoiding that guy.

<http://attrition.org/errata/charlatan/steve_gibson/>

To balance that with something constructive, if you are already comfortable
with software development, I'd suggest checking out these to get started with
playing around:

[https://www.corelan.be/index.php/2009/07/19/exploit-
writing-...](https://www.corelan.be/index.php/2009/07/19/exploit-writing-
tutorial-part-1-stack-based-overflows/) \- Part 1, they go to 11.

<https://google-gruyere.appspot.com/> \- for web app sec

~~~
dtromero
Those are some great links. Do you follow any security related podcasts? I
don't work in security but like to stay relatively up to date.

