Good resources on security, hacking etc?

Question

Hi there,

I am interested in learning about how hackers find and exploit vulnerabilities. Specifically about windows hacking and web hacking i.e. I’m NOT interested in linux/unix stuff.

Are there any good websites with technical articles about specifically how to find, exploit and block vulnerabilities with code samples and tools used.

I can do a quick search and there are a load of sites but i'm looking for something with a little more quality geared towards an audience with a programming and web background.

Even a good book but only if it's windows/web specific

Thanks a lot

Answer 1

Try Simpson Garfinkel's book on web security first.

Answer 2

See the top 100 network security tools list at http://sectools.org/.

Answer 3

Since you're asking about the Windows world, why not take a look at what Microsoft has to say? See -

Security on TechNet

Security on MSDN

There's a wealth of information there. Much of it looks Microsoft specific at first, but this seems to be what you're looking for, and regarding web security different platforms and technologies share some of the major issues (SQL Injection, XSS etc.).

Answer 4

Don't get me wrong but if you really want to understand security stuff, Linux is really the way to go. There, you'll really learn the fundamental, i.e. things that is important everywhere (encryption, ASM, programming, protocols, [etc]). However, on Linux, you'll be able to read real code and use/find real exploit (and of course, send bug fix). You'll also find a lot more documentation and a really nice community.

I know I'm biased toward Linux and you'll probably think I completely missed your question. However, I know friends of mine who asked me the same question and I told them what I've just told you.

Once you know the base, you can easily find the documentation you want (reading RFC, learning new languages, architectures, tools, source code, etc..) This is by far better then to know a procedure to execute an exploit without understanding why it exists.

One last thing, the best hacker does't find exploit by guessing.. they have a perfect understanding on the underlying structure and see something wrong. Then, some exploit it, other send a patch to fix it - this is not the right place to argue about it - however, they are both experts in this domain.

Answer 5

I highly recommend:

Hacking: The Art of Exploitation

Gray Hat Hacking, Second Edition: The Ethical Hacker's Handbook

Answer 6

I liked the Web Security Testing Cookbook. Some non-Windows stuff in there. The focus is on testing and using tools to find problems.

Answer 7

A good starting point for a web developper would be the Open Web Application Security Project (OWASP). They have a lot of ressources on the subject of Web Application Security and on some on application security in general. You can get some of the wisdom of that side in book form.

Answer 8

Smashing the Stack for Fun and Profit is the classic Phrack article on writing buffer overflow exploits.

Answer 9

Subscribe to Schneier on Security. It's a great security blog.

Answer 10

For web hacking I recommend reading the book The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (very good book with lots of examples. It also shows you the tools which will get you started).

Also for web hacking I recommend completing and understanding all the challenges you can solve by downloading the WebGoat