Recommendations for a newbie?
Results 1 to 8 of 8

Thread: Recommendations for a newbie?

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    3

    Recommendations for a newbie?

    Hey guys,
    I orginally posted this in the wrong forum: I was wondering if any you guys could recommend a good book to help me pick up on some key computer security fundamentals, especially pertaining to Windows 9x and XP. I'm looking for info on explotation concepts (i.e. most revolve around I've seen revolve around concepts like (buffer overrun) and appropriatecountermeasures. Where can I find good info on this stuff?

    Thanks,

    Steve

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Google

  3. #3
    Junior Member
    Join Date
    Sep 2004
    Posts
    6
    Hacking Exposed (Most versions)
    Maximum Security
    The Unofficial Guide to Ethical Hacking
    Network Security: A Hacker's Perspective
    The Ethical Hacking Guide to Corporate Security

  4. #4
    Banned
    Join Date
    Sep 2004
    Posts
    305
    Since buffer overflows and preventing them are a part of coding, I'd look into an advanced book and/or book that describes proper coding syntax of whatever coding language you're interested in.

    Since I have no real world expierence, maybe chsh or Juridian can shed some more light on how they learned about situations like these.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    I'm not exactly the best person to ask for book resources, as a lot of my learning has been done through other means. Much of my experience comes in software development, but unfortunately one of the problems out there that's existed for a long time is a lack of focus on best practices. I found after reading "The C++ Programming Language: Special Edition" by Bjarne Stroustrup (the guy at AT&T who first developed the language) that he covers pretty well how to write C++ with an eye towards best practices. It's not completely brand spanking new, but it was a refreshing change of pace from most other development books I've read.

    That being said, the OP didn't really ask about programming security, but more generic use security. I honestly can't say I've ever read an astounding desktop security book. My understanding came from a trial and error approach at home, as well as a logically dictated thought process of what was sensible given my knowledge of the environment. It was further developed after I started working as a Sys/Netadmin -- there really are some things that just won't seem important until you are on the job.

    My advice would be to read the resources people here recommend to you now, and have recommended in the past (especiallly MsMittens, Hogfly, HTRegz, and Juridian, IMO). This will require making use of the forum search function, but something along the lines of "book recommendations" should pull up quite the list.
    Additionally, as you broaden your understanding, form a set of security principles, but understand that they are principles and sometimes circumstance dictates breaking them.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  6. #6
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Building Secure Software - John Viega/Gary McGraw - http://www.amazon.com/exec/obidos/AS...175044-2669568

    Secure Coding - Principles and practices - http://www.amazon.com/exec/obidos/tg...books&n=507846

    Secure programming cookbook for c and c++ - http://www.amazon.com/exec/obidos/AS...175044-2669568

    Writing Secure Code - http://www.amazon.com/exec/obidos/tg...glance&s=books
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  7. #7
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    w00t, I checked out building secure software from my uni library before I read this. It looked pretty good. Haven't looked at it much because I also have the shellcoder's handbook which seemed more interesting. Can anyone give a comparison. Is there one I should focus more on? Thanks.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    The Unofficial Guide to Ethical Hacking
    Network Security: A Hacker's Perspective
    The Ethical Hacking Guide to Corporate Security
    I'd stay away from these ones. The book Hacking: The Art of Exploitation is actually quite good. In addition, some specific OS security you might want to take a gander at the Hacking Exposed series or even Microsoft's security books (for each OS).

    I have to agree with chsh in that you will find that it might be necessary to widen your view a bit. (e.g., firewalls, IDS, wi-fi security, etc.). And don't be afraid to look online, not just at Antionline. SANS reading room actually has quite a few good papers that might be what you're looking for (I think you need to register to access them but that's free IIRC).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides