What is a good list of resources to learn system security?

These days exploiting C/C++ and operating systems is not easy You are starting with a massive topic. The only more complex security topic would be cryptography. With anything you need to start small and then work your way up.

You should start with web application security. You should be learning about the most common vulnerabilities such as XSS and SQL Injection Google Gruyre is a good resource If you are very skilled then you might be able to get though old paper smashing the stack for fun and profit A good book for learning how to attack modern c/c++ applications is Exploiting Software: How to break code.

These days exploiting C/C++ and operating systems is not easy. You are starting with a massive topic. The only more complex security topic would be cryptography.

With anything you need to start small and then work your way up. You should start with web application security. You should be learning about the most common vulnerabilities such as XSS and SQL Injection, Google Gruyre is a good resource.

If you are very skilled then you might be able to get though old paper smashing the stack for fun and profit. A good book for learning how to attack modern c/c++ applications is Exploiting Software: How to break code.

Hah! Noted sir, thanks for the input. If everyone was detered by the daunting, we wouldn't have much in the ways of innovation.

– AedonEtLIRA May 13 at 23:27 1 then this is innovation – Rook May 13 at 23:33 I own the book, it's awesome. – karlphillip May 14 at 0:37.

I feel that information security is too broad a topic, and list of interesting problems are too many to enumerate. Since you say about Damn vulnerable linux, I assume that you are confining this to operating system. If so, some interesting topics would be - i) Buffer Overflow attacks - Stack smashing attacks, Integer overflow and Heap smashing attacks, etc.And ii) TOCTOU attacks.

insecure.org/ is a good resource and has bunch of tutorials on them. Also, the vulnerabilities, and some attack payload can be found in vulnerability reporting DB such as secunia.Org and cert.org. Also, it might be worth to study about network exploits - on how deep-packet inspection can detect simple worms.

Advanced topics might include polymorphic and self-modifying worms. Firewalls can be an eventual topic.

Tahnk for the input, I will look into all that :) – AedonEtLIRA May 13 at 23:20.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.