Ask HN: Where to start reading on security?

4 points by mjdwitt ↗ HN
I'm a CS student right now thinking about specializing in security. The problem I have, however, is that I don't know enough about security to know on which particular areas of security I want to focus. I only know enough to realize that it is in of itself a quite diverse field.

My question for all the security guys that hang around here is this: what books or blog should I start with if I want a general introduction to the field? I could just wait for the intro level course at my university, but I like to give myself a head start (especially on introductory courses) as I find that the repetition of teaching myself and being taught in class gives me a much more solid foundation in the material.

7 comments

[ 2.7 ms ] story [ 33.3 ms ] thread
I enjoy listening to the Security Now podcast with Steve Gibson. He gives a great overview every week of the security issues/patches/exploits and also goes in depth into a variety of security related topics. His explanations are always easy to understand and interesting.

http://www.grc.com/securitynow.htm

It's hard to say this without sounding like one of those condescending security people, but I highly recommend avoiding that guy.

http://attrition.org/errata/charlatan/steve_gibson/

To balance that with something constructive, if you are already comfortable with software development, I'd suggest checking out these to get started with playing around:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-... - Part 1, they go to 11.

https://google-gruyere.appspot.com/ - for web app sec

Those are some great links. Do you follow any security related podcasts? I don't work in security but like to stay relatively up to date.
I really liked the "Stealing the network" book series. While it is fictional, the attacks are very realistic and there is much to learn from, even if its a bit outdated.

For me, understanding the attacker mindset is what makes a good security professional.