Good day. Share quality security material (web and devices). Thank.

Closed due to the fact that it is necessary to reformulate the question so that it was possible to give an objectively correct answer by the participants Bald , insolor , Nicolas Chabanovsky 15 Sep '16 at 7:14 .

The question gives rise to endless debates and discussions based not on knowledge, but on opinions. To get an answer, rephrase your question so that it can be given an unambiguously correct answer, or delete the question altogether. If the question can be reformulated according to the rules set out in the certificate , edit it .

  • one
    Start with this catalystone.blogspot.ru/2016/01/blog-post_14.html - edem
  • one
    Dig in on " Social Engineering (Social Engineering)". A person (with his gullibility, laziness, etc.) is the most vulnerable link in the system. - avp
  • 9
    I vote for closing this issue, because The author will spend time reading all the articles about existing vulnerabilities on the Web, and he may just have a server from a data center steal ... Want to know the vulnerabilities, learn the technology or tool and cases of non-standard use, due to which vulnerabilities are born. - Firepro
  • You need to start with an assembler to really understand how computers work. Then go on to high-level languages, starting with C / C ++, while simultaneously studying the unix (linux) OS. then another couple of dozen programming languages, is it not enough in what language the code will be written in which it is necessary to search for vulnerabilities. And already with such baggage you will be able to understand what this or that vulnerability is based - Mike

1 answer 1

If you are interested in fundamental knowledge in this area, I recommend specials. MGU course:

Below are two links:

  • lections: lecture materials (slides, audio recordings)
  • biblio: recommended literature

I pay attention to this fundamental information, it will not become obsolete in a year, two - and only then when they come up with and implement a new protocol for web, for example.



What you need to learn:

  • Criminal Code of the Russian Federation and crimes in the field of information technology;

  • Threat models, their types, research objects:

    • Anthropogenic sources of threats;
    • Man-made sources of threats ;
    • Natural sources of threats;

  • Familiarity with Linux. An introduction to Kali Linux Rolling Edition 2016 and an overview of standard tools;

  • Intelligence and information gathering;
  • Network scan;

  • Search and exploit vulnerabilities:

    • Exploiting web-vulnerabilities, an introduction to Burp Suite, familiarity with OWASP Top-10;
    • Network infrastructure security;
    • Security analysis of wireless networks;
    • Introduction to the Metasploit Framework;
    • Bypassing proactive protection systems;

  • Introduction to social engineering.



I highly recommend a good practice book - johnny long - google hacking for penetration testers