Smashing the Stack for Fun and Profit is the classic Phrack article on writing buffer overflow exploits.
A good starting point for a web developer would be the Open Web Application Security Project (OWASP). They have a lot of resources on the subject of Web Application Security and some on application security in general. You can get some of the wisdom of that side in book form.
Try Simson Garfinkel's book on web security first.
I highly recommend: Hacking: The Art of Exploitation and Gray Hat Hacking, Second Edition: The Ethical Hacker's Handbook.
I liked the Web Security Testing Cookbook. Some non-Windows stuff in there. The focus is on testing and using tools to find problems.
Subscribe to Schneier on Security. It's a great security blog.
Yes, this is a win. – Rook Jan 29 '10 at 17:33.
For web hacking I recommend reading the book The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (very good book with lots of examples. It also shows you the tools which will get you started). Also for web hacking I recommend completing and understanding all the challenges you can solve by downloading the WebGoat.
See the top 100 network security tools list at sectools.org/.
I think what you'll need would be to join some hackers community which would provide many missions where you'd have to find the exploits yourself. Understand that if you have to learn hacking, you'd have to hack something. enigmagroup.org would be a useful one. securitytube.net: from here you can get videos on almost every security-related issue.
Don't get me wrong, but if you really want to understand security stuff, Linux is really the way to go. There, you'll really learn the fundamentals, i.e. things that are important everywhere (encryption, ASM, programming, protocols, etc.).
However, on Linux, you'll be able to read real code and use/find real exploits (and of course, send bug fixes). You'll also find a lot more documentation and a really nice community. I know I'm biased toward Linux and you'll probably think I completely missed your question.
However, I know friends of mine who asked me the same question and I told them what I've just told you. Once you know the base, you can easily find the documentation you want (reading RFCs, learning new languages, architectures, tools, source code, etc.). This is by far better than knowing a procedure to execute an exploit without understanding why it exists. One last thing: the best hackers don't find exploits by guessing. They have a perfect understanding of the underlying structure and see something wrong.
Then, some exploit it, others send a patch to fix it - this is not the right place to argue about it - however, they are both experts in this domain.
Yes, Linux is a great hacking platform. – Rook Jan 29 '10 at 17:33.