Good blogs/web sites for computer security

AMD_Gamer

Does anyone know what the popular security blogs or websites are? I swear there really are not any standalone popular ones, just sections of other sites. Does anyone know any?
 
Here's a Security Information guide I wrote for my team that may be of some help.

Books:
Security Engineering - Ross Anderson - A very large, thorough book which discusses the fundamentals of almost all areas of computer security.
Secrets and Lies - Bruce Schneier - Written by one of the premier security researchers. This book does an excellent job of making you think about, and understand, the fundamentals of computer security. Less technical, more ideological.
CISSP All-in-one Guide - Shon Harris - Excellent, thorough book teaching all the domains covered by the CISSP. While this is primarily a CISSP study guide, this book also does an excellent job of covering the fundamentals of computer security.
Hacking Exposed - Foundstone - Became the first book to really discuss penetration testing and how to actually hack, step-by-step. A lot of the book is how to use well known security tools.
Tao of Network Security Monitoring - Richard Bejtlich - Written by a very well known security researcher. I haven't read it myself but Eric says it's good.
NMAP Network Scanning - Fyodor - NMAP is by far the most popular port scanner in existence. This book covers the intricacies of the tool. A beginner will get some good information from this book but it's definitely targeted towards a more advanced audience.
The Code Book - Simon Singh - Very entertaining read about Cryptography. Not very instructional but Simon Singh makes cryptography into one of the most entertaining books I've ever read.
Web Application Hacker's Handbook - Dafydd Stuttard - Dafydd Stuttard is the author of the very well known web security proxy tool, BurpSuite. This book thoroughly covers all aspects of web application hacking. Dafydd also teaches an excellent class at Blackhat every year. Highly technical.
Books Reviewed by Richard Bejtlich of Taosecurity.com - Bejtlich reads...A LOT. He does claim to read every word, cover to cover, for any book he reviews. If you're looking for highly rated books in general you can do a lot worse than to check and see if he has reviewed it and what his thoughts were. You'll likely find a few books to read that you didn't know about.

Websites:
I usually recommend that people use an RSS feed reader like Google Reader to keep up to date with security websites.
Securiteam - Good site for current info on computer security. Current news, latest tools, etc.
Securiteam Vulnerabilities - Covers current vulnerabilities as they're released.
Packetstorm Security - Security news aggregator. Aggregates headlines from around the web.
CGISecurity - News about web application security
SANS.org - Current events over at SANS. Frequently has news on current security issues. Often a very good aggregator of information from various teams working to resolve critical security issues.
Microsoft Security Response Center - Microsoft's official site for dealing with security issues. Latest info about patches and/or anything security related to Microsoft is posted here.
Bruce Schneier - Personal blog of industry luminary Bruce Schneier. Often the items he posts can be found days earlier elsewhere. But his input and analysis is almost always worth reading.
Avert Labs - Avert Labs is McAfee's research team. While primarily related to antivirus they frequently post interesting analysis of widespread security issues. If there is a virus/trojan/ddos outbreak, AVERT usually has some good info.
TAO Security - Richard Bejtlich's blog. Good security info.
Mark Russinovich - Mark wrote the incredibly useful SysInternals suite of tools that has been acquired by Microsoft. His blog features stories of how to use those tools to solve some incredibly difficult technical problems.
Ha.ckers.org - Written by arguably the premier web application security researcher. Very technical discussion of the latest web vulnerabilities.
Security Recruiter - Excellent website for learning about working within the industry. Indispensable knowledge for how to apply for jobs. Also good for understanding what positions are in demand.

Mailing Lists:
Mailing lists are an excellent way to keep up with the industry. Frequently you can get your information faster here than anywhere else. Rather than list out the different mailing lists, just read this: http://seclists.org/ . Fyodor does an excellent job describing the different lists. Full Disclosure is good to subscribe to but you may end up unsubscribing after you get annoyed by all the stupidity on the list. Bugtraq is the moderated version of Full Disclosure. Daily Dave is also an excellent list. All of the specialty lists are good too if you're interested in that subdomain. I.E. IDS Focus, Firewall Wizards, NANOG, etc.

Podcasts:
Pauldotcom - Probably the best known computer security podcast. Discussion of current events. Frequently interviews industry experts. Quasi-underground stuff. Lots of inside jokes. If you want to be considered a cool hacker he's in the clique. Teaches some SANS classes, usually with Ed Skoudis.
 
I believe there is also a CISSP forum group on Yahoo! Groups. I get occasional emails that my colleague forwards to me with interesting stuff.
 
Wow thanks for the post, I was just looking for blogs/sites.

But as for books I will look into those.

I just finished reading The Code Book. Awesome book! This past year I took a great interest in cryptography.

I am also currently reading Secrets and Lies, about 50 pages left. Great book but it is getting dated in some parts.
 