8

I would like to get into computer security in my career. What are the best ways to learn how to program securely?

It seems to me that, besides textbooks and taking classes in the subject, perhaps learning how to "hack" would be one of the best ways to learn. My reason for thinking this is the thought that the best way to learn how to prevent someone from doing what you don't want them to is to learn what they're capable of doing.

If this is the case, then this poses another question: How would you go about learning to hack in an ethical manner? I definitely don't want to break laws or cause harm in my quest.

Kenneth

3 Answers

5

Have you looked at OWASP? Also, here is a more direct link to the top 10 security problems.

Josh K
S.Lott
5

There's plenty out there on "ethical hacking" - one frequent hit word is "penetration testing". There are also codes of ethics out there on how to go about it - but my one rule of thumb would be the same as kindergarten rules - don't touch stuff that isn't yours.

If you're interested in both sides of the coin, I'd suggest home projects - build a simple application and then try to hack it. Then you have the code available so you can break it and fix it to your heart's content.

The other thing is sites like OWASP (see other answer). There's a ton of known vulnerabilities out there. Learning about them and learning how to prevent them is a great step that cuts short the trial and error of DIY hacking. Also learning about mechanisms for confidentiality, integrity, identification, and availability for software, networks, and computers in general is a great step. Having experience in implementing these mechanisms in your language/deployment of choice is a great way to build up software security skills.

bethlakshmi
2

One way would be to look at the tools that can be used to penetration test a system. You can download some specialized penetration-test Linux distributions for a start.

Another part of your learning quest is to read the literature out there. OWASP as suggested by @S.Lott is an amazing resource for web-application security. SafeCode is a more generalised source, but it is definitely a lot less detailed.

Dan McGrath