http://www.perlmonks.org?node_id=103096

tshabet has asked for the wisdom of the Perl Monks concerning the following question:

So I'm ashamed to admit it, but I know virtually nothing about security/crypto/any of that stuff. As my programming skills get better, this is starting to bother me more. So my question for all of you "in the know" is: Where/how should I learn about this stuff? I'm good with computers in general, and I have a math background that covers modula and stuff like that. I have no problem following the security chapters in "Programming Perl." I guess I'm reasonably equipped to learn, but just wanted to know what everyone's advice is in terms of best method. Good books? Tutorials? Websites? If it matters in anyone's recommendation, I use FreeBSD on my personal machine, and I program a little in Python, a little better in Perl and Java and pretty well in C variants and html/xml/javascript. I even know some Pascal and Lisp. So anyway, I'm at least reasonably competent and would appreciate your advice and recommendations for a security newbie. I couldn't find any nodes dealing with this question, but if one exists please accept my apology and point the way. Thanks Monks!

Re: Best way to learn about security?
by nardo (Friar) on Aug 08, 2001 at 19:57 UTC
    Phrack has a good article on perl CGI security. You could also browse around Security Focus which is a good site but is framed to death.
Re: Best way to learn about security?
by cacharbe (Curate) on Aug 08, 2001 at 22:37 UTC
    When I started out in Crypto, I bought a few books that helped. I now have a nicely stocked library, but for brush up, I always go to a few specific titles to refresh, and, as it turns out, they were the first titles I bought.

    As I study for CISSP certification, the things I need to know get deeper and more involved, but I can always count on those titles to clear the air for me. I recommend all of these (plus a couple others), found on my list at Amazon.com to start.

    Look at Schneier's books (both of them), as well as Menezes (you can get Menezes' book in PDF on-line here, but a shelf copy is always nice to have around).

    Also, to tune up your brain, and get ready for computer-based crypto, I HIGHLY recommend you read:

    All three of these books will give you the strong basics. From there, read Schneier (with a little Neal Stephenson thrown in for crypto-entertainment. The book has an algorithm for encryption written in Perl within its immensity, so it HAS to be good), and from there... Play, try, suffer, scream, experiment and learn.

    If you have any questions, we're all here to help...

    Update: Since you used exclamation points in your follow-up, I'll pipe up with more info.

    You'll also want to brush up your statistical analysis muscles with resources from sites like:

    And you'll probably want to check out Security/crypto websites like:

    • Counterpane, Bruce Schneier's Company. Also, join his mailing list, The Crypto-gram. If you do spend the cash for his book, get a subscription to his disks as well, the code varies in usefulness, but it is all good study material.
    • Security Focus, as mentioned before. This is more of a News and Views site, but very informative, and a good place to subscribe to mailing lists like Bugtraq and CISSPSTUDY, both useful.
    • eEye Security: A news and forum site dedicated to security. Tidbit: This is the group that worked with M$ to help solve their Code Red "incident".

    One final thought. We should all know our history, lest we repeat it. Read: The Codebreakers by David Kahn. It is truly a great historical and informational book.

    More Food for thought.

    C-.

Re: Best way to learn about security?
by tshabet (Beadle) on Aug 08, 2001 at 22:59 UTC
    Great info guys! I checked out Phrack, seems like a very cool and informative place. I think I'll order cryptanalysis tonight, seems like an ideal "jumping off" book. Thanks for this info, the amazon list was especially helpful. Anyone else want to pipe in? This is exactly the type of insightful response I was looking for, thanks again guys!