Ask HN: Primer on Web Security - alanthonyc

What reading would you recommend to get started learning about security? Maybe the basics about protecting your site from attacks would be good...
======
tptacek
I like Dafydd Stuttard's "The Web Application Hacker's Handbook", despite the
title. Work through the examples.

A lot of people will direct you to OWASP, which is not a bad free tertiary
source (owasp.org). There's lots of HOWTO stuff there. Be careful about the
OWASP Top 10. You want to know what it is, but it's showing its age.

~~~
pasbesoin
While looking at the recommendation, I noted that the book's website has a
page of links to tools:

<http://portswigger.net/wahh/tools.html>

Nothing eyebrow-raising, but if you're starting out, worth knowing about.

~~~
tptacek
Portswigger is the author of Burp, which is _the_ industry standard web
application testing tool. Almost everyone I know in the field uses it.

------
progLiker
Hindsightly I'd start by reading a book about internet security. The only
sound thing is to start with a book, giving an overview of the matter and
gather information from that point onwards. Most rational thing to do. That's
my recommendation.

You wanted to protect your site from attacks: I found a pdf document on the
net quite informative: "ethical hacking" (pdf). It covers packet, transport and
network layer security up to "google" hacking. It is broken on
[<http://www.scribd.com>], but there are several other similar guides there.
And it is out there; I found it via Google.

There are some good documents at defcon.org as well, I read one about
firewalling which was impressive.

You must go elsewhere for CGI security issues, protocols, encryption and all
that.

------
alanthonyc
Awesome, thanks for the tips everyone. So much to learn, so little time.

------
noodle
Hacker's Handbook was where I started.

