Best software testing books according to redditors
We found 105 Reddit comments discussing the best software testing books. We ranked the 30 resulting products by number of redditors who mentioned them. Here are the top 20.
We found 105 Reddit comments discussing the best software testing books. We ranked the 30 resulting products by number of redditors who mentioned them. Here are the top 20.
For a practical top-down approach to pentesting, this book was monumental for me learning the process of pentesting. I have mentioned the OSCP, and while that is an advanced course, it has benefited me greatly to excel at what I do. It's difficult to give you a starting point now, since when I started the security field was very different. I would say here and netsec are solid communities to get help on something specific, but you definitely want to have working knowledge before asking about it.
Also I highly recommend THP2 (pentesting focused) (you can skip THP, its contents are all included and better organized in THP2) and THP3 (red teaming focused). Peter also hosts awesome trainings which I've leveraged into internships and jobs. more info at https://securepla.net/training
Start with learning computer systems, networking, and Linux. You need to be able to at least read computer code, know how data flows between computer networks, and how to do things in Linux. Here are few links to get you started:
First and foremost, basics and free stuff:
Intro to Linux
https://www.edx.org/course/introduction-linux-linuxfoundationx-lfs101x-2
Computer Networks
https://www.coursera.org/course/comnetworks
Intro to computer science and programming Python:
https://www.edx.org/course/introduction-computer-science-mitx-6-00-1x-0
Web development -- Will help you when (and if) you go through web pentest route
https://www.udacity.com/course/cs253
Cryptography
https://www.coursera.org/course/crypto
Once you've covered all above topic, you are ready to enter into pure-hacking learning:
First free stuff:
http://www.reddit.com/r/HowToHack
http://www.breakthesecurity.com/p/hacking-tutorials-for-beginners.html
http://www.securitytube.net/
Following cost money but take you through each and every step of a pentest without distractions:
Hacking Exposed ed.7
http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289
The Hacker Playbook
http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636
Very expansive but well worth it (Bonus: It's a certification):
http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
I'm taking it right now. The books I read through or started before the OSCP in no particular order:
Honestly, if I could go back and prepare for the course again, I would have just learned the basics of python and then really focused on bash scripting. You're going to learn a metric fuck ton in the course. Remember, you're not paying just for the cert - you're paying for a course to get you to the cert.
Hey man! I work as Security Analyst - about a year away from graduating with my Bachelors.
I suggest you pick up the CompTIA Security+ Certification, as well as start learning the basics of Networks and how they function. Learn ports and protocols, as well as how IDS/IPS/Firewalls function. This will get you an entry level role as a Jr Analyst. I suggest you use [http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/](Professor Messers Security+ Videos) This will teach you the basics of security work, networking concepts, threats, etc.
At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done.
Get a home lab and learn a few tools like Wireshark and Nmap for basic Security Analyst work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).
If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java.
If you want to dig deeper into PenTesting then start reading: https://www.offensive-security.com/metasploit-unleashed/
Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.
Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.
https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.
Pick up some books such as
The Hacker Playbook 2: Practical Guide To Penetration Testing
Hacking: The Art of Exploitation
Black Hat Python: Python Programming for Hackers and Pentesters
Rtfm: Red Team Field Manual
The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.
Also a good list of resources that you can learn more about security:
Getting Started in Information Security
Pentester Labs
Awesome InfoSec
Awesome Pentest
Overall experience and certification are what will get you into the door faster. Most employers will look for experience, but if they see you have motivation to learn and the drive to do so, then they might take you. Certifications also are big in the infosec field, as they get you past HR. And having a home lab and doing side projects in security also reflects well.
Hacker playbook 2 is always my recommendation for reference and a good guide to PTES.
Currently learning:
2016 Goals:
If anyone has any learning resources for any MVC JS framework or Node feel free to share.
Edit: New goal is to learn Meteor.js. Some resources I've compiled for others who might want to learn Meteor too:
Some suggestions:
WWDC sessions. Even the Mac ones.
The Mobile Application Hacker's Handbook
Has a lot of useful information about security, privacy, and reverse engineering.
XCode 5 Developer Reference
While this was written for Xcode 5, much of it still applies to Xcode 7. It includes information on build configuration files, using breakpoints to trigger scripts and other subjects/techniques that are difficult to find elsewhere.
Test Driven iOS Development
The book is OK, the author did a video series for ideveloper.tv that was much better and more accessible. Unfortunately it is no longer available.
If you get a 1 month Safari Books trial you can access a lot of content easily (I think all of the ones I listed, and more). Some of them may be available for free (well, parts of them) through Google Books.
You can also look through iOS developer conference videos online. Some will help you level up, some not so much.
https://vimeo.com/nsconf
https://vimeo.com/360conferences
https://vimeo.com/channels/nsscotland2014
https://realm.io/altconf/
I suggest getting a book, since they are typically far more readable.
I first learned Vim with Steve Oualline's book.
More recently, Drew Neil's Practical Vim and Modern Vim are excellent choices.
Your local public library may well have some good books on Vim as well, if not these exact titles.
The Hacker Playbook: Practical Guide To Penetration Testing
This. Test, test, test.
I want to plug A Friendly Introduction to Software Testing here by my friend Bill Laboon. It's a great way to get started learning TDD.
Alright man I was sort of in the same boat.
You don't have to rely on your Airforce job to be your only source of NetSec training. https://hireourheroes.org/veterans-training/
If NetSec is your passion you should start reading up on Blue team / Red Team type procedures. Get familiar with Firewalls and Cisco equipment. Work on getting maybe a CCNA Sec, work your way to a CISSP. Learn networking itself inside and out, to form a base for the security concepts. Practice Network Forensics, learn about write-blockers, legal procedures to work NetSec, that kinda stuff. If you find the time, learn Python.
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=sr_1_sc_1?ie=UTF8&qid=1474252248&sr=8-1-spell&keywords=the+hacker+paybook+2
If you have Linux experience, a well recognized PenTest OS is Kali Linux. You can use it to practice on a home network, or build your own virtual environment.
I'm finishing my Bachelors in Cyber Security here in May and testing for my CISSP, if you want any more info on programs/certs stuff like that feel free to shoot a PM.
I suggest buying and reading http://www.amazon.com/Practical-Vim-Edit-Speed-Thought/dp/1680501275/ref=sr_1_1?ie=UTF8&qid=1465117942&sr=8-1&keywords=practical+vim. It's a joy to read, and really valuable to advance your vim-fu.
Also have a look around at http://vimcasts.org/.
First up, find where the developers are. I know you said there aren't many jobs in your town/city, but there should be within driving distance.
Most larger cities generally have developer user groups. Find them and start going. Most of them meet once a month. Attend the talks, meet people there (there are often even recruiters), help out where you can. Make it so that people know you by sight (and preferably by name). This will help you get known and you will learn new things.
Get a twitter account. Start following developers in your area (and other areas for that matter). You will learn things and can interact with people in the field you want to be in.
Get a linked in account. Add the people you know. As you meet people at user groups, etc, add them. Linked In is a very useful tool. Among other things, it lets you see who you know that is working for a company that you want to work for. It can help you bypass the trash bin.
Put code on github. It doesn't have to be amazing, but code samples will generally only help. Knowing a VCS is also a job requirement at a lot of places and git is a commonly used VCS, so there's a double win for you.
Mention the fact that you have publicly viewable code on your resume.
Learn how to unit test and do TDD. First off, it will help you find bugs before they bite you in the ass. Secondly, it's yet another skill that a lot of places want you to have. Third, this opens up the realm of doing code kata which will help you get better (since it forces you to write code) and will give you more code samples to put on github.
Code samples - Okay, I know I've said code kata are a good idea and can give you some samples (and it's true). Now, for something heavier, find things that annoy you and write code to make it better. Write a backup program for your computer. Write a program that will let you keep track of where you've applied to jobs, who you've spoken with, etc etc etc.
It doesn't matter much what you code just as long as you do code. Doing it will make you better.
If you're feeling adventurous, start looking at open source projects and seeing if you can contribute. Even if it's just doing grunt work like documentation. And put THAT on your resume.
Get a CodeEval account (it's free). Complete coding challenges in the languages you want to do work in (they range from "hey, this is easy" to "holy shit"). When you get ranked in a top x%, put THAT on your resume. (top percentages on CodeEval start getting awarded at top 20%).
Learn new stuff. For example, if you want to do web dev in the .NET world, you'll want to know C# or VB.NET (preferably C#, at least around here), javascript and jquery, HTML, and CSS.
There are a lot of resources for this.
www.codecademy.com can help you learn HTML, CSS, Javascript, jQuery, PHP, Python and Ruby.
If you're doing C# and want to learn TDD, James Bender's book is a good resource
The C# All in one book from Wiley is a decent overview of C#, and the author, Bill Sempf is very approachable. (I linked the latest version, but the 2010 version is very good as well)
Pluralsight has a lot of great online training on a metric crap ton of subjects as well. If you can't afford it, let's just say that you can find some of the courses on a site that rhymes with "Sky Rats May"
Make StackOvervlow your friend. Create an account, ask questions and, more importantly, when you can, answer them. Helping other people will help make you better too.
There are a lot of resources out there both digital, paper, and people. For the people, you might have to drive an hour or so to get to the user groups, but it can be worth it.
An NEH is indespensible for 802.11-specific stuff, but to really get into hacking itself, take a look at Hacking: The Art of Exploitation and maybe pick up a practical pentesting book like http://www.amazon.com/Penetration-Testing-Hands--Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&qid=1420380278&sr=8-1&keywords=penetration+testing or http://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1494932636/ref=sr_1_2?ie=UTF8&qid=1420380278&sr=8-2&keywords=penetration+testing
Came here to say the same thing; you don't NEED Kali to pentest, it's really mostly used because it has a lot of tools already included. You can test from a Windows box if you really wanted to.
Kali won't magically make you a pentester, nor will it teach you how to be one as it's just a bundle of tools - there's no tutorials included with those tools. Read Hackers Playbook 2 and Penetration Testing: A Hands-On Introduction to Hacking and do some vulnerable VM's from places like Vulnhub
Practical vim is the book I used to learn vim.
This was a good book - https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
> I am a relatively new to development
If you're new to development, it's hard enough just to learn Rails by itself. In addition to the Rails concepts (e.g. ActiveRecord, view rendering, etc.) there's Ruby, databases/SQL, servers, HTML, CSS and JavaScript. Even if you're already comfortable with all those things, it's pretty hard to throw testing into the mix. When I first got started my question was, "What do I even test?" Do I write unit tests? Integration tests? View tests? Controller tests?
My advice would be to forget about Rails for a little bit and just practice testing Ruby by itself for a while. Then, once you're comfortable with testing Ruby, it will be easier for you to go back and try to write some tests in Rails.
> What is your recommendation on if I should focus on rspec vs minitest?
A person could make technical arguments for either. Deciding which testing framework to use depends on your objectives. If you're teaching yourself testing to become a more marketable developer, then I would definitely recommend RSpec. Almost every Rails project I've worked on (20+ production projects) has used RSpec. Having said that, it's less important which tool you choose and more important that you have a solid understanding of testing principles. I personally chose RSpec and I'm glad I did.
Here are some testing resources I often come across:
Growing Object-Oriented Software, Guided by Tests (awesome book, highly recommended)
Rails 4 Test Prescriptions (just started it, seems good so far)
Working Effectively with Legacy Code (super good book and more relevant to testing than it might seem like)
Everyday Rails Testing with RSpec (haven't bought it yet but seen it recommended a lot)
Destroy All Software (just bought it today, seems good so far)
Lastly, I myself created what I call a Ruby Testing Micro-Course designed to make it easy for people like you to get started with testing. Feel free to check that out and let me know what you think.
Depends on what you want to learn.
Web Application Security?
Exploit Development?
"Pentesting" techniques?
Also check here for tons other of resources.
As for certs, if you are a beginner beginner, then probably stuff like Security+ and Network+. Unlike the guy behind me, I will never get, nor do I really recommend CISSP, unless you are going for strictly blue team (defense) work. I personally enjoy red team (pentesting, etc), so something like OSCP would be more useful.
Like I said in a post above, feel free to PM me with questions. I'm always happy to help others on their quest to learn more about the wide world of infosec :)
Hi there, I recommend this book: Rails 4 Test Prescriptions. https://www.amazon.com/Rails-Test-Prescriptions-Healthy-Codebase/dp/1941222196 It is the best book on testing I've ever read. In my experience, understanding how to write tests was not difficult. It was getting into the habit of testing, and understanding when to write tests and when not to that was a challenging art form. Hope this helps.
recently i have been active on github. several project that i contributing need a lot of update/fix/test. so for several days i have been reading tdd python. it show how good is mock object and later i found how good is pytest.
i don't know how i miss this in my programming class. the semester end only in
classsection and never go deep into testing. the next semester is more into programming organization(waterfall technique etc). i don't know how people teaching programming in indonesian (high school).now i'm still learning how to apply the testing to the django framework.
Record and playback is only good for learning and it shouldn't be utilized as a primary method of creating your scripts. https://www.amazon.com/Software-Testing-ISTQB-BCS-Certified-Foundation/dp/1780172990 read this. It will help you greatly.
Network+,Security+,Linux+ = Good.
Udemy i'm not exactly sure about, I have no idea how good it is, however Cybrary does have penetration testing courses on there for free and they're decent.
Grey & Black hat python - Great books. I'm currently looking at black hat python, and it's awesome.
Some other books i'd recommend: Hacking: The Art of Exploitation The hacker playbook 2
While i'm not a professional pentester(YET :P) i've learned alot from the books I listed above as well as the cybrary videos. If you really have the money, I recommend the Penetration Testing With Kali Linux Course From Offensive Security It's fairly expensive, but I've heard it's worth it.
illustrationscomics, dialogues, and examples of the techniques they present.A pretty recent general purpose hacking book is The Hacker Playbook 2, from June 2015.
Just looking at it, I would question the value of this. There are plenty of free resources for you to use. GTAC and other videos, software test podcasts (Test Talks), etc.. There are also countless books like how Google tests software that will help point you in the right direction in terms of what you need to learn.
Hell, pick up an ISTQB foundation book. I like this one: https://www.amazon.com/gp/aw/d/1780172990/ref=mp_s_a_1_1?ie=UTF8&qid=1479508511&sr=8-1&pi=AC_SX236_SY340_QL65&keywords=software+testing+istqb
Good luck!
Presumably you know how to code. . . the question is, do you know how to test? Not that knowing how to test is rocket science but I'd say the first thing to embrace is that anything and everything can just break. When you write code, it's easy to focus on the "happy path".
As you might expect, there are tons of resources about testing online. . . including this subreddit and r/QualityAssurance.
Other resources I'd recommend:
I did it a few months ago, there is an official BCS book on Amazon as well as practice papers on the BCS website. The questions in the papers were almost replicas of the actual exam. I'd recommend both the book (as new edition was just released) and the practice exam questions that are scattered around the net.
Link: http://www.amazon.co.uk/gp/aw/d/1780172990/ref=mp_s_a_1_1?qid=1453044467&sr=8-1&pi=SY200_QL40&keywords=iseb+foundation&dpPl=1&dpID=51O6SWm2OYL&ref=plSrch
Edit: link
Neuroscience is increasingly computational, both in the sense of studying the brain as a computer and in the sense of using a computer to study the brain. Learn to use Matlab - I would recommend either MATLAB for Neuroscientists or MATLAB for Psychologists depending on your ability and interests. Knowing programming and learning techniques early on is incredibly valuable. Volunteer in labs and learn these things, get excellent marks and get stellar recommendations. If you do this you should be fine.
EDIT: MATLAB for Neuroscientists is a bit more technical in nature and will require some exposure to calculus and linear algebra. The more complex bits will also likely require some familiarity with differential equations.
The book I bought was Rails 4 Test Prescriptions, which explains test-driven development but is very Rails-centric. I had also been looking at BDD In Action, which has good reviews. I can't vouch for it personally but it may be worth looking into.
I've been working with the Hacker Playbook Ver 2. It's pretty good. Has helped me learn a lot.
I started by reading this book: https://www.amazon.com/gp/aw/d/047064320X/ref=mp_s_a_1_1?ie=UTF8&qid=1500714581&sr=8-1&pi=AC_SX236_SY340_FMwebp_QL65&keywords=Test+driven+development+with+c%23&dpPl=1&dpID=51XYxuW-W1L&ref=plSrch
Which (for me) was a great way to learn about it. After reading it, I watched some pluralsight courses about it (but there should be some cheap ones on udemy as well if you don't have access to pluralsight).
After that, I just started implementing the things I learned while I work. I wouldn't worry too much about the test driven design aspect at first (writing the tests before you write the code) since that's quite tricky to get the hang of and should only be applied if you know what the code will look like to a great extent.
Having said that, that's what worked for me and it might not work for you. I do recommend the book though, since it was a great and easy read.
Install your virtual lab and follow this book https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=pd_lpo_sbs_14_img_0/143-9151008-9706324?_encoding=UTF8&psc=1&refRID=7Q3QARJ97T6ZRAVDF54H
Here's a good list I keep posting because people often ask the same question - not like it's a bad thing.
In any case follow the below, but I really suggest for total newbies to first go through the course Codecademy offers. It won't teach you much in how to do things but the syntax education is good. Follow their HTML and CSS courses and when you're done, create a site using just HTML and CSS. Once done, try to emulate a few of your favorite sites using just these two languages.
Once done you should check out the free 30 day Tutsplus courses on HTML/CSS and jQuery. At some point you will want to go back to Codecademy and take their JS course. Syntax and method of doing or starting certain things is important. It's incredibly easy to pickup the actual methods of doing things once your head understands the syntax used.
Any form of education that follows a hierarchical format makes for easy learning.
__
Codecademy isn't bad. It won't teach you much in the way of doing things but it does teach you the way to type out code, the general process and stuff. I can't speak for myself because I work as a professional developer and have been tinkering with code for 10 years now, but I did give the first lesson to one of my brothers. He's not great with computers or the Internet, but he was able to follow the first two sections of the basic HTML/CSS course and able to make his own site albeit very basic in nature nearly a month later (3 week gap following him doing the lessons). He was able to do a rough basic site of his Facebook profile, and he nailed it. It should open doors for you in terms of having the basic knowledge of how to do things. It'll allow you to read more advanced stuff and pick it up much faster than if you hadn't.
Below is a list I sent to someone on here a while back.
>
>http://www.reddit.com/r/webdev/comments/1eqaqo/best_books_or_online_resources_for_comprehensive/ca2w2dn?context=3
>PHP and MySQL Web Development (4th Edition)
>
>Beginning PHP and MySQL: From Novice to Professional
>
>Read the second book, do all the examples, then go back to the first book. Pay a lot of attention toward array manipulation. When you're comfortable with that, get into OOP. Once you do and OOP clicks for you, you'll be able to go to town on anything. I've heard a lot of good about Jefferey Way's video lesson courses over at TutsPlus. I've never used them nor do I need to, but I've never heard a single bad thing about their video courses. Their Javascript and Jquery is a great starting point. This is great stuff too if you're willing to put in the time.
>
>Professional JavaScript for Web Developers
>
>JavaScript: The Definitive Guide: Activate Your Web Pages
>
>Responsive Web Design with HTML5 and CSS3
>
>The Node Beginner Book
> Professional Node.js: Building Javascript Based Scalable Software
>
>Paid online "schooling":
>
>http://teamtreehouse.com/
>
>http://www.codeschool.com/
>
>Bonus:
>
>http://hackdesign.org/
>
>
>I've got a shit ton (Excuse my French) of books in print and E-Format that I could recommend, but it would span a couple pages. Anything is easy to learn so as long is it's served in a hierarchical format that makes it easy to absorb the information. A year ago I started to learn Ruby and using ROR as a framework. I can say it's been quite fun and I feel confident that I could write a fully complete web app using it. I started node.JS a few months ago, but it's been on break due to being sick and some unexpected events.
>
>My knowledge is extensive only because I wanted it to be. I'm not gifted by any means nor am I special. Not by a longshot. Some people are gifted when it comes to dev and design, most are not. Most only know one or the other. I forced myself to learn and be good at both. I'm 23, I started when I was about 12. I'm only breathing more comfortably now. I know a load of people on here and other sites who make me look like complete shit.
>
>
>Also for what it's worth, sign up to StackOverflow. It's the bible and holy grail rolled up into one site. It's amazing.
>
>Also;
>
>Hattip to /u/ndobie
>
>> CodeAcademy
> Team Treehouse
> CodeSchool. This is more programming but still very useful & has free stuff.
> Tuts+
> Google. Probably the best way to find out how to do something specific.
> This subreddit. If you have any questions about how to do something, like parallax scrolling, try searching for it, then ask, make sure to include an example of what you want if you don't know what it is called.
Hacking: The art of exploitation
The Web Application Hackers Handbook
The Tangled Web: A Guide To Securing modern Web Applications
The Hacker Playbook 2
The Hacker playbook 3
Black Hat Python: Python Programming for Hackers and Pentesters
Sorry this has taken me so long to get too. Been busy.
First, understand that Kali is nothing mote than a collection of tools. Its those tools that you are actually wanting to learn.
KaliTutorials is one place you can start.
Also, there is an abundance of videos on YouTube and if you are serious about wanting to learn penetration testing/security makes sure you book mark Irongeek
Like I said earlier, by the time books are written, edited, and published, they can often be out of date.
If you do want to understand some of the basics, here are books you should look at:
Metasploit: The Penetration Tester's Guide
rtfm
btfm
Basic Security Testing with Kali Linux 2 I havent read this one but I have heard good things
The Hacker Playbook
[The Hacker Playbook 2] (https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=pd_sim_14_4?_encoding=UTF8&pd_rd_i=1512214566&pd_rd_r=2HDYK8BDM5MR8PV03JG8&pd_rd_w=kiAl7&pd_rd_wg=fAjYi&psc=1&refRID=2HDYK8BDM5MR8PV03JG8)
Also a good list of resources can be found here: cybrary.it
I highly recommend this book: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_1?ie=UTF8&qid=1483836318&sr=8-1&keywords=basics+of+hacking
this explains all the steps and concepts you need for penetration testing. It's beginner friendly and pretty much explains all the phases you need to penetrate a system
after that read this: https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566/ref=sr_1_1?ie=UTF8&qid=1483836492&sr=8-1&keywords=the+hackers+playbook+2
Is this it
Yes, most Gov jobs require at least Sec+.
Depending on how much you did as an LEO you may look into computer forensics. Network Security etc. You may also want to beef up knowledge of networking as well. So either the Net+ and/or CCNE cert.
Books are always a good place to start. I don't know about this one but have read a few other books by this publisher that have been pretty good.
Ones I have read/skimmed:
Haven't picked this one up myself, but it has good reviews
I liked this book, read it when Swift was still under development.
Like you I work at a tech startup. When we were just starting, our business/strategy people asked the question you just asked. They opened a dialog with development team, and found good answers. I attribute our success in large part to that dialog being eager and open-minded, just as you are being right now. So, it's good tidings that you are asking.
For us, the answer came from conversation, but it also came from reading the following books together:
Que mas quieres hacer? No saques mas nada Cisco si no estas pendiente de hacer networking y aun asi, Cisco no se esta usando tanto como otros (Palo Alto por ejemplo).
Si quieres hacer Incident Response y Pentest, lanzate estos libros
https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756/ref=sr_1_1?ie=UTF8&qid=1479171676&sr=8-1&keywords=blue+team+handbook
https://www.amazon.com/gp/product/1494295504/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=P8TB8XKCFAKNQBRS1EG5
https://www.amazon.com/gp/product/1512214566/ref=pd_bxgy_14_img_3?ie=UTF8&psc=1&refRID=P8TB8XKCFAKNQBRS1EG5
Tienes que definir un poco mas que quieres hacer. Que te atrae mas de cybser security?
What's Possible With Hacking?:
Things are more possible than you think; the more you know, the more you can do (hacking isn't just one thing to learn, it's a combination of different subjects).
Where can I learn about it?:
I recommend try to learn anything you can get your hands on, E-books, videos, etc. You should take the paid online courses later on, once you advance your knowledge.
!!TIP!!: Recommend reading some questions from him https://www.reddit.com/r/hacking/comments/4up17b/i_am_a_lead_penetration_tester_ama/
This book (recommended by a real pentester): https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
Video on Kali Linux: https://www.youtube.com/watch?v=7nF2BAfWUEg&list=WL&index=3
(i recommend Kali btw, install it on a virtual machine. )
I got all this just from the internet, the internet has all the information you need; just get it from the right places.
(I know basically squat, i am also starting off as of today) good luck!
[Here's] (http://www.amazon.com/Modern-Programming-Test-Driven-Development-Better/dp/1937785483/ref=sr_1_cc_1?s=aps&ie=UTF8&qid=1383086353&sr=1-1-catcorr&keywords=Modern+C%2B%2B+Programming+with+Test-Driven+Development) one focused on c++. It uses google test and google mock, which I also recommend.
https://www.humblebundle.com/books/no-starch-hacking-books
http://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
Systems Analysis and Design in a Changing World (Sixth Edition) <-- this was the version required for a class
Seventh Edition(?)
This book is free from any programming languages and is instead supposed to aide the development of thinking and planning applications.
murach's SQL Server 2012 for developers <-- required for class
murach's SQL Server 2016
Uses SQL to further enforce "forms" for application data structures.
Professional Test Driven Development with C#: Developing Real World Applications with TDD
Book I purchased during my 4000 project class. Team based project where we had to
After my research at the time, this book seemed to be the most appropriate for my scenario.
I really enjoyed Modern C++ Programming with Test-Driven Development: (http://www.amazon.com/Modern-Programming-Test-Driven-Development-Better/dp/1937785483). It teaches you TDD and how to write cleaner code using c++11 samples and google mock framework. So it felt like a really modern book :)
The Hacker Playbook!
Wow, the gold was an utterly unexpected and unnecessary move (you did something cool, for free, so YOU deserve the gold!), but Thank You anyway.
In return (now I've a little light OSSEC work on your Reddit account and twigged who you are ... probably) I'll make sure my next amazon order has a copy of this in it - https://www.amazon.co.uk/d/Books/Hacker-Playbook-Practical-Penetration-Testing/1512214566 . it's been on my list of possible purchases for a while.
Since this is the subreddit for DFIR, that's what you're going to end up with as far as suggestions go. For pentesting stuff, checkout:
-Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 (this has some labs, but just reading through the various weaknesses in WebApps will be a great start)
-The Hacker Playbook: https://www.amazon.com/dp/1512214566/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=1944687742&amp;pf_rd_s=lpo-top-stripe-1&amp;pf_rd_t=201&amp;pf_rd_i=1118026470&amp;pf_rd_m=ATVPDKIKX0DER&amp;pf_rd_r=1NSA1RZZ3WQTP374S9WK
Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=pd_bxgy_14_img_2?ie=UTF8&amp;psc=1&amp;refRID=S7FG8F9TCMZMM9HVX2TN
Those two are good general pentesting books. You might also try /r/AskNetsec for other suggestions.
I am fortunate enough to have some wise vim tutors at work and watching them operate it inspired me to learn it more. It's freaking glorious you guys! A whole new way of life. A good book is practical vim
I just finished my Masters and this book helped me enormously with Matlab, which I used to program my dissertation project experiment.
It goes into some depth, but also takes you step-by-step through a few basic psychophysics experiment scripts, so sounds like it'd be right up your street.
My first programming class was in high school, and there I learned you need to debug your code. I know of several people who got their feet wet when it comes to programing by teaching themselves. Black box testing does require some programming knowledge, but no coding knowledge. And there are books on doing just testing. I just did a quick search and...
http://www.amazon.com/Software-Testing-Essential-Skills-Testers-ebook/dp/B00ICWK6RK/
Can you give me some example business requirements you'd like to test, and I'll start writing a book on how to test them? :)
Joking, but joking seriously. I'd like to prove my mastery as an engineer, and one way I can think of doing that is to write a book with 50+ reviews averaging 4.5* or greater.
My favorite book on testing is actually for F#, not C#: Testing with F# by Michael Lundin - half the book has nothing to do with F# and is full of pragmatic advice.
I _cannot_ recommend The Art Of Unit Testing. Here is just one reason why: In the appendix, the author writes:
>A.3.8 The AutoFixture Helper API
>
>The AutoFixture helper API is not an assertion API. AutoFixture is designed to make it easier to create objects under test that you don't care about. For example, you need some number or some string. Think of it as a smart factory that can inject objects and input values into your test.
>
>I've looked at using it, and the thing I find most appealing about it is the ability to create an instance of the class under test without knowing what its constructor signature looks like, which can make my test more maintainable over time. Still, that's not enough reason for me to use it, because I can simply do that with a small factory method in my tests.
>
>Also, it scares me a bit to inject random values into my tests, because it makes me run a different test each time I run it. It also complicates my asserts, because then I have to calculate that my expected output must be based on the random injected parameters, which may lead to repeating production code logic in my tests.
This is simply horrid advice, based on a complete non-understanding of what AutoFixture does. You cannot simply isolate your constructor signature with a small factory method in your tests, because then you're just re-writing what AutoFixture does for you, in a brittle way.
Just my opinion.
Frankly, I didn't understand the project management environment, which always seemed like a missing link between programming as a skill and programming as a profession, so I found The Agile Samurai quite helpful. It outlines the Agile style of project management, which can be useful for negotiating your first few (successful) team projects.
In terms of beginner coding, like others have suggested, The Pragmatic Programmer. It will help you write better code by focusing on good design.
Kali is the way to go.
For resources I really recommend getting some proper litterature. The two books below are often recommended (i have them both) as a starting point. Preferably read in the order written.
Not a video, but the book Practical Vim: Edit Text at the Speed of Thought by Drew Neil is the best resource for moving beyond vimtutor I've found. Received 4.7 out of 5 stars on Amazon. (109 reviews)
Edit: Looks like Drew Neil does the Vimcasts linked to in the sidebar to this sub.
This guide will get you started with testing in Swift 4. It'll help you get everything set up properly and show you how to write your first tests in Swift. If you want even more depth, you could try Test-Driven iOS Development with Swift 4, Test-Driven iOS Development (Objective-C), or the seminal book, Test-Driven Development: By Example which uses Java.
Thank you! I'm reading the online chapters now. The author seems very likable.
At first I had it mixed up with this book. What do you think about this one?
https://www.amazon.com/Driven-Python-Development-Siddharta-Govindaraj/dp/1783987928/ref=sr_1_5?s=books&amp;ie=UTF8&amp;qid=1524028356&amp;sr=1-5&amp;keywords=test-driven+development+with+python
Neat. My first gilding! To add to the comment below I highly recommend NSScreencast. Weekly short videos tackling iOS development. Not much in the way of testing but some good Swift things. In fact there are a few free episodes on Swift if you'd like to try it out.
Test driven iOS development is a good book - but I don't know how useful it'll be for you as its a little old now and focuses on Obj C.
PM me if you have any questions, and don't be afraid to ask on StackOverflow - we all do it!
You could look at Modern C++ Programming with Test-Driven Development by Jeff Langr. It uses cmake, google-test / CppUTest, and google-mock. The book is as accessible as the other ones from the "Pragmatic Programmers" series.
So what you want to learn is called penetration testing or also known as "pen testing". I recommend this book. The only other thing you'll need that costs money is a network card capable of packet injection. Look it up. You can find an external one that'll plug into your laptop. Also while you can do pen testing on windows, generally Linux is the way to go. There is a particular distribution called Kali Linux, that is specifically for pen testing. The great part about linux is that it's all free (except for some of the enterprise stuff). I use it (not even for pen testing, just for daily use) and love it. Seriously, try it out.
That is how long the classroom course is. It may take you longer to self study but that depends on you so I couldn't estimate. I would say it is worthwhile though. This is the course book.
hi, i'm totally NOT an expert, but it's almost a year that i'm trying to study security on my own.
As other said, it will be very useful know programming like python, but also (the very hated)Php it's a plus to know.
It's also a must now REST communication and networking in general
i found this book very useful https://www.amazon.it/Hacker-Playbook-Practical-Penetration-Testing/dp/1494932636/
also there are a lot of useful video on youtube!
goodluck, mate
If you're into books, I recommend Practical Vim
Most "schools" that offer QA programs or courses are usually a waste of money. This is due to the fact that there are not many regulations or standards that exist for education in this field. They can teach some extremely outdated syllabus and get away with it because their students and admins do not know any better (look at all the useless certifications out there). Testing is an extremely nuanced and complicated art, it's one of those things that is very easy to get started and do badly, and most people cannot tell the difference. This is an area where I'd like to make a difference later in my career. For now though, if you want to get into testing, I would suggest you to both learn the automation side (even though you didn't pass your java course, you are still probably technically savvy enough to learn the basics and go from there) and the theoretical testing concepts.
You get a lot of devs that do not have a testing mindset or testers without enough technical skills / coding experience. If you can do both really well then you will be looked at like a unicorn and can make a good living (depending on your country/area).
The easiest way to get into automation is learning through a tool like Postman (back end testing) or Selenium. There's tons of Udemy courses and youtube content for these.
Check out Valentin Despa's content for PM, and John Sonmez or Naveem's stuff for selenium.
For testing concepts such as analysis, risk, quality criteria, communication, test design and techniques I would suggest reading the following books:
https://www.amazon.ca/Explore-Increase-Confidence-Exploratory-Testing/dp/1937785025
https://www.amazon.ca/Lessons-Learned-Software-Testing-Context-Driven/dp/0471081124
https://www.amazon.ca/Perfect-Software-Other-Illusions-Testing/dp/0932633692
and consider taking Rapid Software Testing classes from michael bolton or james bach, they get pretty theoretical but are based upon practical work that you will be asked to perform.
These videos can also give you a pretty good sense of the testing role:
https://www.youtube.com/watch?v=ILkT_HV9DVU&t=19s
https://www.youtube.com/watch?v=3FTwaojNkXw&t=2048s
Your welcome.
as you i also like the subject.
i found this books to be a good reading:
http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636/ref=pd_bxgy_b_img_y
http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_13?s=books&amp;ie=UTF8&amp;qid=1413800973&amp;sr=1-13&amp;keywords=hackers+play
Have a look at this linux distribution
http://www.kali.org/
Is made for pentesting, it might give u a idea of things and in youtube u will find good tutorials about the tools that come with it.
Have fun