Best internet & telecommunications books according to redditors

We found 1,977 Reddit comments discussing the best internet & telecommunications books. We ranked the 591 resulting products by number of redditors who mentioned them. Here are the top 20.

Next page

Top Reddit comments about Internet & Telecommunications:

u/radium-v · 243 pointsr/IAmA

I'm going to be brutally honest here, and I'm probably going to get down-voted, but I'm not impressed with the underlying code for the project. I don't even know where to begin.

You're obviously passionate about Javascript, but runtime engines and best practices have changed dramatically in the last few years. Some things that stick out could easily be chocked up to coding style or preference, but when those preferences aren't well-adjusted to current-day standards, it leads to a perpetuation of those bad practices and hinders the growth and evolution of web development overall.

I'm posting this here, instead of on Github, because these aren't quite bug reports. I'd be more than happy to contribute though.

  1. Syntax and readability are more important than shortcuts.

    Cutting corners in the interest of character count is useless. It's better to be able to read the code than to have to interpret it line-by-line.

    For hinting, I recommend JSHint. It'll be nicer than JSLint, but it'll still likely hurt your feelings.

    Here are some JSHint errors/warnings that popped up:

    > The body of a for in should be wrapped in an if statement to filter unwanted properties from the prototype.

    > Expected an identifier and instead saw 'arguments' (a reserved word).

    > Expected a 'break' statement before 'case'.

    A lot of syntax errors can be solved by linting or hinting, and following a style guide. Here's Google's Javascript Style Guide. You'll find that most projects on Github follow the same code conventions, and for very good reason. When you make your code consistent and readable, other developers will be more likely to like you and contribute to your projects.

  2. Read Douglas Crockford's Javascript: The Good Parts and Nicholas Zakas' Maintainable Javascript.

  3. Use an AMD-style, modular system like Require.js or Yahoo Module Pattern because Global variables are evil. The basic idea behind a modular system is that every piece of functionality is broken down to its basic form, and no less. It helps to keep things organized. Even if you choose not to use a framework, following a trusted organizational pattern is a good idea. Consistency is key.

  4. Check out Backbone.js or Underscore for data manipulation.

    I really like the project, but the code is unwieldy and confusing.
u/jhocking · 121 pointsr/gamedev

The notion that Unity is just drag-and-drop is a myth that comes from both people making assumptions after seeing the visual editor, as well as Unity itself fudging a bit in their marketing in order to appeal to non-coders.

As for how to start, I recommend my book naturally :P I wrote Unity in Action for people who know how to program but are new to Unity. Thus, the focus of the book is squarely on programming. There's only one chapter that is specifically about 2D, but then the majority of the explanations aren't specific to 3D either. Unity doesn't really make a hard distinction between 2D and 3D graphics, so code for something like audio is the same in both cases.

u/cogman10 · 75 pointsr/learnprogramming

HTML and CSS are pretty simple, I would spend almost no time reading about them (Unless this is for some sort of job interview) for the most part you will just be googling "How to I make round borders" until you can do it by rote memorization.

JS, on the other hand, is a tricky beast. I would spend a majority of my time learning not just how to write javascript, but how to write good javascript.

javascript the good parts and Javascript garden is where I would start out learning. Javascript is easy to write, but hard to write well. You need to follow strong conventions otherwise your code will end up looking like spaghetti right quick and in a hurry. If you start playing around with the language, I would suggest using JSLint to make sure you aren't doing anything stupid.

After getting a good strong base in javascript jquery shouldn't be too hard. It is just a javascript library. perusing through the docs and getting a feeling for what it can do is probably all you really need. Just like any library you've used. You didn't learn all of the .Net framework, rather you would google and lookup specifics as you needed them. That is much the way you are likely to use jQuery. It can do a lot and you don't need to know everything it can do to use it effectively.

In short, javascript is where the traps are. The other things you mentioned are "I'm going to google this anyways" so I wouldn't really spend a large amount of time learning them.

u/koeningyou666 · 73 pointsr/netsecstudents

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)


Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.


Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)


Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)


I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).


The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

u/ThatOtherPerson · 52 pointsr/TumblrInAction

I work in web security. For those of you that will be working on the site, please read/have already read/be aware of the lessons found in:

  • The Web Application Hackers Handbook - Everyone that makes interactive websites should at least skim this.
  • SQL Injection Attacks and Defense - Everyone remembers "The Summer of Lulz," right?
  • Web Application Obfuscation - There's more than one way to hide an attack.

    Expect your website to be attacked. Some advice:

  • Blacklists^[1] never work. There is always a way around a blacklist. Whitelist^[2] every input.
  • Never roll your own crypto.
  • If it comes from the user's computer, it can be controlled by the user. No exceptions.
  • Relying on security through obscurity will not work (ex: hiding the key to the building in a fake rock). Obscurity can be part of a strong multi-layered larger approach (hiding the key to the building inside a safe that is bolted to the foundation and hidden in a fake rock on well-lit grounds that are patrolled by competent and well-paid guards on a shorter duration than it would take to break into the safe), but never by itself.
  • Never roll your own crypto.
  • Basic Authentication: Just Say No
  • Digest Authentication: Just Say No
  • Never roll your own crypto.
  • Encrypt-then-HMAC only. Never HMAC-then-Encrypt or Encrypt-and-HMAC.
  • https encrypts the transmission of data, it does not make the transmitted data any more/less "safe".
  • Did I mention "never roll your own crypto" yet? No? Okay. Never roll your own crypto.
  • Never transmit sensitive data as GET requests over http. Use POST body parameter/value pairs over https.
  • Never store the actual passwords, only store salted cryptographic hashes of the password. No, the users do not need to see their own password. If they forget it, email them a single-use time-limited link to a page where they can set a new one. No exceptions.
  • Never roll your own crypto.
  • Do not use MD5/SHA/SHA256/etc. for password hashing. No exceptions. Salted password hashing is a solved problem.

    If you'd like some advice, have any questions, I should be able to get back on reddit sometime tomorrow (unfortunately, I have a lot of work I need to get started on).

    [1] - Blacklist: Allow everything in except for things on this incomplete list of known bad things.

    [2] - Whitelist: Only allow in things on this list of known good things and reject everything else.
u/english_fool · 41 pointsr/learnprogramming
u/LinuxStreetFighter · 38 pointsr/sysadmin

What do you want to do? "Security" is a nonsense term that doesn't mean anything to employers.

I'd pass on certs, as most of them are worthless and don't teach you anything relevant in the security field. OSCP is good and the SANS FOR 610 is good, but LOL at paying $6,000 for a certification.

Build a lab. For Malware Analysis learn REMnux, IDA Pro, Ollydbg, and look at C++ and C.

For Penetration Testing learn TCP/IP, play with Backbox and Kali when you have a soild understanding of TCP/IP and networking in general. Learn Python, Bash, and PowerShell.

Practical Malware Analysis

Practical Forensic Imaging

Those books are solid for learning IR and Malware Analysis.

Check out /r/netsecstudents

For fucks sake, stay off this sub-reddit for anything Security related. Just lmao at the responses in here. Too many people have read that shit book Phoenix Project and think Security is just policy and process.

u/overflowingInt · 36 pointsr/netsec

Not very specific to those technologies but:

>Web Application Hackers Handbook (2nd edition: is pretty thorough with the vectors of attack, examples, and includes a methodology for pentesters.

>The Tangled Web - a "light" but delightful read from Zalewski on the history and modern security of web apps. He also wrote the

Both are pretty recent and cover some good ground.

u/Turtl3Up · 35 pointsr/hacking

I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.

Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.

My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.

If you have any questions, PM me.

u/-this-guy-fucks- · 31 pointsr/HowToHack

Come on man at least credit the author Justin Seitz and give him a chance to sell his works: Black Hat Python: Python Programming for Hackers and Pentesters

Edit: seitz not Switzerland

u/FunkyCannaHigh · 30 pointsr/MrRobot

Excellent questions! If you are a CS grad you are ahead of the game. However, it all depends on what you want to do. I suggested learning programming/CS principles for two reasons:

  1. The more you understand how computers, code, compliers, software, stacks, memory randomization, CPU protection rings, and the such work the better you are at hacking. You can find novel ways to get into systems and exploit them, etc.

  2. You can write basic tools on the fly. It is amazing the tools you can create with a few lines of code when you have access to nothing but a GCC compiler in a *nix environment.

    If you want to find zero day exploits, yes learn how low level languages work. It would be very helpful in that case.

    Otherwise, Learn python (or whatever is popular at the time) to write your own exploit tools....or to modify existing ones.

    If you want to be apart of a red team learning lower level languages could make you a better exploiter. However, IMO, I would start with just learning the basics of hacking.

    These two books are old but they are absolute standards for anyone starting off:


    Also, learn as much as you can on how windows/Linux/virtual machines (and containers) work. The more you know about how an OS works the easier it is to exploit.

    Learn to exploit, there are a ton of free sites to help you learn:

    Learn CTF challenges:

    When you are able to hack take part in real challenges:

    Then start your career with a RESPECTED CERT, OSCP:

    The OSCP is no joke and it is a timed, 24 hour cert test. Yes, you read that right, 24 hours.

    Unless you want a government gig stay away from C|EH, it is a joke cert in the community. Again, unless you need to work for a gov agency

    Finally, and I cannot stress this enough.....LEARN CLOUD COMPUTING!!! It is here to stay and on-prem systems are dying a slow death. It will change how you exploit systems and how software is engineered/deployed.

u/AkshayD110 · 27 pointsr/programming

Great write-up.

On a side note, I have found the book "Systems Performance: Enterprise and the Cloud" by Brendan Gregg extremely useful for tuning the Performance.

u/APTMan · 26 pointsr/JobFair

Most current information you are going to want to read online. There is no substitute for that. The books I'm currently reading through are:

The Web Application Hacker's Handbook 2nd Ed

The Tangled Web

Metasploit: The Penetration Tester's Guide

Webbots, Spiders and Screen Scrapers

NoStarchPress fanboy all the way :)

Keep in mind, though, that the technical requirements are only half of being employable. You also need to be a good employee, who can work with the client and keep them satisfied. For those, I recommend:

True Professionalism

Trusted Advisor

u/MrAristo · 26 pointsr/realsocialengineering

Wow, 24 hours and no replies?!

Fine, you know what? FUCK IT!

Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to atleast spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.

But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.

Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.

Your fingers will get sore. Time to put down the picks and start reading:

u/compSecurity · 24 pointsr/netsecstudents

I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.

As far as resources go there are a lot out there, i'll link some good ones that I use:

Those two should keep you going for a while at least.

As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.

Here is a place where you can learn some Bash:

There are two books i'd recommend for python, ill link them here:

the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.

If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.

If you want a place to practice things you are learning then go here:
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.

That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions

good luck!

u/wigflip · 23 pointsr/Bitcoin

Well firstly, language is a big choice right now. If you're looking to make a financially fulfilling career in a young company or on your own, I'd recommend learning javascript to later use node.js, and learning ruby. Personally, I'm a node.js developer, so I would recommend moving toward the JS world and using really cool things like and mongoDB. Ruby is a fantastic language overall. It's a bit slow, but it does a great job regardless, and tons of really cool startups use it. At the moment, I would say that these are the two most profitable paths to take in web development. is a fantastic place to start. It does a great job at teaching the fundamentals of programming. If I recall correctly, the javascript courses take you from the absolute basics to building some kind of useful application, such as a calculator or todo list.

Once you've made your way through the tutorials at codeacademy, move on to Their tutorials are a bit more advanced, and leave you with a real application and real knowledge on how to take an idea and turn it into a real product. For node magic after you've moved through Codeschool, check out

Here are a few books I would recommend


u/bandman614 · 22 pointsr/linux

Just subscribe to his blog and then buy this. Probably the best book out there on system performance in recent years.

u/keeegan · 22 pointsr/HowToHack

I have all these except the CEH (which shouldn't be on this list lol...) and they're all pretty good in their own way. Starting over, I'd go through hacker playbook while reading through the art of exploitation. You'll be pretty rounded at this point, blackhat python and metasploit will be a breeze. Do the ceh one if you're getting a job that wants to see embossed paper. Also, check out Web Application Hacker's Handbook, and Shellcoder's Handbook.

u/VA_Network_Nerd · 20 pointsr/ITCareerQuestions

DNS and BIND by Cricket Liu

Make very sure you only buy the hardcover version of this one, you're going to use it as a permanent reference forever & ever:

TCP/IP Illustrated, Vol 1: The Protocols

u/TheGreatMuffin · 20 pointsr/Bitcoin

If I may - I humbly recommend to read a proper book on bitcoin, not some fluff piece.. Just assuming from the way that you chose your post title that you might be interested in a more substantial bitcoin reading :) Please ignore if that's not the case, don't wanna ruin your reading pleasure or anything.

Economic perspective: The Bitcoin Standard - The Decentralized Alternative to Central Banking

Not technical at all, very beginner friendly, but also not a lot of practical information: The Internet Of Money

Gently technical, beginner friendly: Inventing Bitcoin: The Technology Behind the First Truly Scarce and Decentralized Money Explained

Technical deep dives:

u/DucBlangis · 20 pointsr/netsecstudents

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

  1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.

  2. Architecture and Computer basics:
    Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
    Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".

  3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".

  4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".

  5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".

  6. Specialized fields such as Cryptology and Malware Analysis.

    Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)

    *edited a name out

u/icytrues · 19 pointsr/AskNetsec
  • The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition (2012)

    This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.

  • Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Release date set to january 2019)

    While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.

    I'd also recommend having a look at the following books:

  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012)

  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition (2014)

  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition (2014)

    Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have laying around.
u/telnetrestart · 19 pointsr/blackhat

I'm taking it right now. The books I read through or started before the OSCP in no particular order:

u/[deleted] · 18 pointsr/netsec

It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.

General Hacking:

Hacking Exposed

The Art of Exploitation

The Art of Deception

Intrusion Detection / Incident Response:

Network Flow Analysis

The Tao of Network Security Monitoring

Practical Intrusion Analysis

Real Digital Forensics

Reverse Engineering:

Reversing: Secrets of Reverse Engineering

The Ida Pro Book

Malware Analyst Cookbook

Malware Forensics

Digital Forensics:

File System Forensic Analysis

Windows Forensic Analysis

Real Digital Forensics

The Rootkit Arsenal

Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.

u/dreasgrech · 18 pointsr/programming

First of all, for any software development questions you may have, I suggest you post your questions on Stackoverflow because the people there will surely provide you with answers.

Now, for a list of books I recommend:


JavaScript: The Definitive Guide; if you're new to JS, start with this one.

JavaScript: The Good Parts; not a beginner's book, but a must-read if you are going to use JS

If you are going to be using JS, you will most probably be developing using a framework, and for that I seriously recommend mastering jQuery because as they say, you will write less and do more!


CSS Mastery: Advanced Web Standards Solutions

Web Usability

Don't Make Me Think: A Common Sense Approach to Web Usability; the book that shows the users' perspective when viewing a website


High Performance Web Sites: Essential Knowledge for Front-End Engineers and Even Faster Web Sites: Performance Best Practices for Web Developers;if you want to get serious about performance for your websites

u/dud3z · 18 pointsr/blackhat

The dark side has lot of facets, it depends on what you want to achieve.

If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.

This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!

Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.

Happy hunting and good luck!

u/jkwuc89 · 17 pointsr/webdev

IMHO, knowing the basics is vital. For JavaScript, I recommend buying and reading, "JavaScript: The Good Parts".

u/v3ded · 17 pointsr/hacking

While Metasploit is a good tool, I would advise you to stray away from it until you learn. (I’m ignoring the fact that you rarely use Metasploit for web penetration testing in the real world anyways...)

You can carry out most of web penetration testing with just few tools like BurpSuite (this is the main one), a directory bruteforcer (gobuster, dirbuster, dirb, wfuzz..) and Nmap. These 3 tools should give you initial idea about the web application and its structure. Then it boils down to your enumeration and ability to spot weird or possibly vulnerable behavior. What is considered as “weird” or “vulnerable” behavior? According to OWASP, countless things. They made a whole web penetration testing guide for that reason - you can find it here:

Alternatively, this book ( covers web based exploitation in great depths and I highly recommend you obtain it. It was one of my first books ever and is definitely among my favorites.

Another useful resources:

Yes, there are other very specific tools which come in handy such as wpscan or sqlmap. While I don’t mind wpscan that much, I strongly believe one should be able to do a manual sql injection before using sqlmap (therefore avoid sqlmap when learning). This way you understand what is happening behind the green terminal ;).

PS: Sorry for formatting, typed this up on a phone. I’m also pretty tired so please excuse my janky grammar!

u/kobakai · 16 pointsr/ItalyInformatica

> Supponiamo che uno (anzi, più di uno visto che siamo tutti componenti di un LUG) voglia iniziare a smanettare un po' in quest'ambito, che cosa consigli?

di farlo :)

> Mettere su un webserver e iniziare a tentare di bucarlo con gli exploit conosciuti può essere una buona idea oppure è meglio prima procedere con altro?

Tutto fa brodo (mi', ventesimo proverbio, mi sto biscardizzando :). Però per prima cosa devono essere chiare le problematiche agli strati più bassi: boot da media esterno, forensics "malevola" (accesso al fs, reset delle password, estrazione delle password, trojanizzazione dell'OS, ..), MITM e i suoi derivati, poi nmap e network/service discovery come se piovesse, analisi di tutti i servizi esposti, poi "finalmente" potete dedicarvi anche alla parte (web) applicativa.. :)

Ci sono moltissimi "playground" per divertirsi ed imparare, sia come vm da scaricare che contest, crackme & co. online, alcuni al volissimo:

u/Snackman11 · 16 pointsr/computerforensics

Digital Forensic workbook is a great source for building foundational knowledge on many of the general computer forensic techniques. It covers info such as file system forensics, acquisition, software write blocking, registry analysis, email analysis, internet history analysis, recovering data in unallocated space, etc. Labs are included with the book so you can test the content learned against sample data.

Learning Malware Analysis Guides you through static analysis, dynamic analysis, using IDA pro, and other dismembers to determine the intent of malicious files.

Practical Malware Analysis

Wireshark Network Analysis

u/_Skeith · 16 pointsr/AskNetsec

Hey man! I work as Security Analyst - about a year away from graduating with my Bachelors.

I suggest you pick up the CompTIA Security+ Certification, as well as start learning the basics of Networks and how they function. Learn ports and protocols, as well as how IDS/IPS/Firewalls function. This will get you an entry level role as a Jr Analyst. I suggest you use [](Professor Messers Security+ Videos) This will teach you the basics of security work, networking concepts, threats, etc.

At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done.

Get a home lab and learn a few tools like Wireshark and Nmap for basic Security Analyst work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).

If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java.

If you want to dig deeper into PenTesting then start reading:

Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.

Take a look at for books, and vulnerable VM's to practice on. is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.

Pick up some books such as

The Hacker Playbook 2: Practical Guide To Penetration Testing

Hacking: The Art of Exploitation

Black Hat Python: Python Programming for Hackers and Pentesters

Rtfm: Red Team Field Manual

The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.

Also a good list of resources that you can learn more about security:

Getting Started in Information Security

Pentester Labs

Awesome InfoSec

Awesome Pentest

Overall experience and certification are what will get you into the door faster. Most employers will look for experience, but if they see you have motivation to learn and the drive to do so, then they might take you. Certifications also are big in the infosec field, as they get you past HR. And having a home lab and doing side projects in security also reflects well.

u/ipe369 · 15 pointsr/learnprogramming

Not an expert, but heard this title being bandied around:

u/lebootydestroyer · 15 pointsr/HowToHack

Learning to hack, with little knowledge of it, will be a journey. You have some background in CS which will definitely help.

Learning to hack, from scratch, is where things become difficult. Where do you start? How do you learn? Luckily there's a vast amount of resources to learn from online.

To start learning is a matter of what you prefer.

Like watching videos/lectures?

Prefer reading books on the subject?

Most universities have Ethical Hacking / Cyber Security courses, can always check there.

I'd recommend learning Python, SSH, and the Linux Terminal in general to get started. But learning how those apply to hacking is a matter of learning and practice.

Hope this helped, and good luck!

u/orangelounge · 14 pointsr/computerforensics

Start with reference data sets:

and free tools like Autopsy and SleuthKit:

And the bible on digital forensics:

before worrying about proprietary tools like EnCase. Autopsy is like free EnCase. Same principles apply.

u/simonsarris · 14 pointsr/javascript

Read JavaScript: The Good Parts by Crockford. He goes over structuring JavaScript in an OOP fashion. More generally it's a great book that will bring your understanding of JS from intermediate to the beginnings of expert.

u/polypeptide147 · 14 pointsr/HowToHack

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource:

u/uzimonkey · 13 pointsr/gamedev

I wouldn't call this game "finished," not even in quotes. Implement scoring correctly with display in the game and disappearing/respawning balls, correct deflection (as if the paddle were rounded), smoother AI motion and correct keyboard input (it's backwards and seems to rely on autorepeat). Then the game will be a "finished" pong game.

I can't comment on the Javascript code really, but if you're just learning Javascript, I really recommend reading Javascript: The Good Parts. It's a very short book on how Javascript really works, with no real attention given to irrelevant APIs (to game programmers) and the like.

I also recommend looking at one of the several HTML5 game libraries out there. I'm using ImpactJS, but it costs money. If you want something free, you could try looking at Crafty. They abstract a lot of things and you can focus on making games, and not with the details of HTML5 APIs.

u/Cantum2 · 13 pointsr/learnjavascript

When I was starting to learn JS which was not that long ago at all and I am still learning I started with this video series:

.then this one

.then this one

.then I read:

.then I read:

.then I read:

When I felt like I had a good enough grasp on vanillajs I started a giant project in Angularjs. Where I advanced my skills with git big time. Other resources I used are:

Rest api with MEN (lol):

Docs are great for js:

These were good for angularjs just incase you were interested:

Honestly I cant link one of this guys videos because they all help sooooo much:

u/_o7 · 13 pointsr/HowToHack

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources. Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

u/Ranakor · 12 pointsr/dotnet

Why would we use his coding standard when there’s already a book of coding standard from the people behind .net ?

u/meathead80 · 12 pointsr/exjw

There's a reason why there is a Javascript book (1096 pages) and another called Javascript: The Good Parts (176 pages).

I think the bible could use a similar treatment.

u/PhantomRacer · 12 pointsr/programming

I highly recommend JavaScript: The Good Parts. I'd say to read that one first because it explains how you should think when programming in JavaScript. Knowing the syntax and function names is no good unless you how to use them.

u/chickenfun1 · 12 pointsr/ProgrammerHumor

Web dev having trouble finding work? Buy this book and this book, read them and contact [email protected]

u/B_Byte · 12 pointsr/AskNetsec

I'd suggest you first take an ASM course.
This would be a great start
Next, you have two options.
You can get this awesome book
or you can start with this course
which is a reduced version of the book.

After you're done, I think the best thing to do is to find someone who can sponsor you to attend SANS 610 course.

u/sitefall · 11 pointsr/learnjavascript

You're an experienced programmer: this

You're a mathematician/scientist/engineer/etc: this

You are "ok" with another language: this

You're more of a "video tutorial" learner: this (and your local library probably gives you free access, seriously check)

You're completely new to programming: this

You're 9 years old: this

u/soadapop · 11 pointsr/PHP

Probably the best book I've read on this matter is PHP 5 Objects, Patterns, and Practice. It will bring you through the basics of OOP in PHP all the way to the advanced goodies found in patterns and practices.

Many of the patterns found in the book are cornerstones for the plethora of MVC frameworks out there and I feel that anyone who has a good understanding of the material in this book will be just fine out there in the real OOP world.

Also, checkout out this really good aggregate of a bunch of web development (mainly PHP) topics and articles.

u/Sionion · 11 pointsr/hacking

Bro, you should really learn more about this kind of stuff before you get your self in prison. From your posts it is obvious you are up to no good and have barely any knowledge of TCP/IP. I would put aside aside trying to RAT random people and pick up a book on TCP/IP. If you're actually interested in pursing a future in Netsec, RATing people is not going to help you. I suggest you setup a Virtual lab and practice setting up linux/windows servers, understanding how things work is necessary to being an effective hacker.

OpenVPN is very secure. You could rent a VPS and install a OpenVPN server on it, you would then connect to it with the computer hosting the RAT server, on the OpenVPN server you would configure iptables to forward any traffic on a specific port to your RAT servers VPN ip address. You can do that using iptables NAT rules as described here.

It would be far more straight forward to instead just use SSH to forward ports or to instead install the RAT server on the VPS.

Don't RAT random people, just learn how to do this stuff in a virtual environment where you don't break any laws.

u/Deterministic · 11 pointsr/itsaunixsystem

This really isn't as ridiculous as people are making it out to be. Encryption is commonly employed in malware as an anti-reverse-engineering measure. When you're a malware author and you want to make it harder for a malware analysis lab to figure out what it is that you did with a piece of malware (say you're targeting this malware at stealing credit card information, navigating a corporate network, compromising admin accounts within a company, etc.) you can encrypt your actual program code and include a snippet of code that runs on execution to decrypt the code by reading, decrypting, and writing back the region of memory where the encrypted code lives. This makes it a bit more annoying for a malware analyst to disassemble your malware and figure out what it's doing.

Python 6 is a bit silly though. Python 2.7 will be in use until the end of time.

For anyone curious about reading further, Practical Malware Analysis is a good resource.

u/Nezteb · 11 pointsr/C_Programming

Some physical book recommendations:

u/BeanBagKing · 11 pointsr/HowToHack
  1. Code Academy has some free resources for getting started: Overthewire is also usually recommended. Also, just start using Linux and google solutions as things come up that you don't know how to do. Regarding pentesting methods - There's a lot of resources out there, check the sidebar, but this book lays out the standard methods used: (you can probably find it cheaper with a no starch press discount code)
  2. WSL and python (or just python, but might as well get used to linux at the same time). Also, bash and powershell scripting.
  3. Yes, the book above isn't free, so like I said, sidebar and such. Ask for it for your birthday, do odd jobs, etc. You don't have to make things expensive, but you're eventually going to have to spend a little bit here and there.
  4. Anything. Kali is kind of the standard, which is basically Ubuntu Gnome (actually Debian based) with all the tools installed. Windows is good for some tools though, and just to learn the environment since Windows environments are typically the target.

    Also, second what /u/BigDaddyXXL said.
u/B0b_Howard · 11 pointsr/netsecstudents

(re-comment of a re-comment of a re-comment but...)

One of the books I see come up time and again in recommendations for OSCP prep is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

She has also done a video series along the same lines as the book that is available for free from Cybrary.

u/spidermesh · 11 pointsr/AskNetsec

As a pentester you would typically need to follow a methodology of some sort. Here is a well known one

Typically you would first enumerate all open tcp/udp ports using a port scanner such as nmap. Then you would analyze ports one by one to see if they contain any vulnerabilities. If it’s a service running an outdated version of a particular software you would look up exploit-db and see if there is a corresponding exploit. Then tweak it to give you reverse shell to your IP address in metasploit or netcat. If it’s a web service you would use web methodology such as the one from here to look for web vulnerabilities in the web application and attempt to gain a shell that way. After you get a shell you might be highest privileged user or you might need to escalate your privileges. If you are regular user you look for ways to escalate your privileges depending on operating system you are logged in to. Get hackthebox vip account because this will give you access to retired vms and especially windows.

The OSCP certification is pretty much is doing combination of the steps described above on multiple machines. There is a book which goes over this methodology as well

Here is a great resource that many people use as a resource to study for OSCP as well
And if you search for oscp survival guide you can get additional resource to reference. Also rtfm is a good reference book as well.

Edit: here’s a good guide on using methodology with template you can import

u/kotojo · 10 pointsr/IAmA

I'm just two months into my first real job for programming and have a few books I've been going through.

Clean Code is a book not just about writing code, but good code that is easily maintained and passed down to other people to understand.

Working Effectively with Legacy Code was a great read coming into company that has been around for 20 years and is on the third iteration of their product.

I am doing web development so You don't know JS, Javascript: the good parts and then Javascript The Definitive Guide have all been a great help.

If you aren't much a book person, is awesome for info on tons of different technologies and is well worth the monthly cost. Go follow every major name in your preferred technologies on twitter. They will tweet all sorts of cool things to learn about. Also, PODCASTS!!!. I don't even listen to music anymore. If I'm in the car alone I'll be listening to Dot Net Rocks or Javascript Jabber.

Lastly, there are subreddits for every tech imaginable. Go subscribe to them and hit everyone up for where they get all their info!

u/veeberz · 10 pointsr/netsecstudents

A principle in web app security: user input cannot be trusted.

With that in mind, the following are the kinds of user input you can mess around with: query parameters, post params, file uploads, cookies, http headers, even out-of-band inputs like emails (if they get processed) or all of the above but for a different but related service.

Sometimes user input can be crafted to exploit unexpected behavior. Causing a 500 error may give you interesting error messages. Maybe form input isn't sanitized and you can perform sql injections, XSS, and the like. File uploads - do the files appear to be uploaded to their server (and not something like S3)? Try dropping php files (if it's a php application), try XXE if Word or Excel documents are expected. All sorts of fun possibilities can be explored wherever there is any user input.

Another subject worth studying: attacking authentication. Is there no rate limiting? Usernames can be enumerated? How about a brute force attack? Take a look at the session token in the cookies - can you reuse them? Are they custom-made (does not appear to be generated by a known framework)? Try attacking the token-generation scheme itself. Discovered an XSS vuln and the cookie entry for the session token is not set to http only? Write a script to steal them cookies - that'll be your XSS payload - sit back and wait for someone to bite.

I think exploring these topics is a great start.

Recommended reading:

Edit: to add, the tools you have listed are info gathering tools. That's the first thing you want to use to give you a nice idea about potential attack vectors. Sometimes dirbuster can yield nice results in itself. For example, I found a deployment script sitting on a prod server - with AWS keys!!! Tip for info gathering: you can use builtwith to see what tech the target is using, and tailor info gathering scripts (like dirbuster) for that.

u/MadCapitalist · 10 pointsr/learnjavascript

For me, Head First JavaScript Programming was a lifesaver when I first started learning JS. I just wish that I had started with it.

I also recommend the You Don't Know JS series.

u/ItalicsWhore · 10 pointsr/AdPorn

This guy has an amazing website and a great book!

u/Livelol · 10 pointsr/leagueoflegends

Best place to start is: ;)

Additionally, I study Computer Science & Systems Engineering, that helps a lot ;)

u/grauenwolf · 9 pointsr/csharp

This is the book you want:

This is literally the book that Microsoft's own developers created and used when creating the .NET framework.

u/solid7 · 9 pointsr/linuxadmin

A lot of what has been suggested is great for learning linux. Realize that "out there" very little is served out of a single box (and if it is you're doin it wrong). Production infrastructure likely looks and acts very very differently from your home linux workstation. Just because you know how to type sudo apt-get install apache2 does not mean you are ready for a full ops position... BUT - if you put in the wrench time and pay your dues, you will get there.

Here are some areas that would be good to build your knoweldgebase up in...

  • First and foremost - you must build the ability to learn how to figure things out and build an intuition of what to inspect should something not be working. This comes from having a working knowledge of many different systems in a large heterogeneous environment. This will come with experience.
  • Learn some of the rapid deployment frameworks - cobbler, puppet, cfengine, etc... No one sits around configuring each and every production machine from scratch.
  • Now that you are familiar with (presumably) the installation and configuration of apache, start thinking about setting up caching/proxy infrastructure. Get a sense for what to use for load balancing v.s. caching v.s. increasing availability (and some combination of the three). Become familiar with things such as nginx, mod_proxy, haproxy, squid, varnish, mongrel, etc...
  • You MUST know how dns works. Crickets bind and dns should be considered required reading. Any lack of understanding of how dns works is simply unacceptable for a proper sysadmin.
  • this book is required reading, period.
  • You must become familiar with centralized authentication mechanisms. Most systems utilize something called PAM. Learn how to configure PAM to reference slapd, AD, etc... Kerberos is our current preferred central authentication mechanism, you need to know how to bounce kerberos tickets around. Get slapd (OpenLDAP) up on its legs.
  • When running a linux kernel, learn how to configure netfilter. Under linux, Netfilter is the thing responsible for routing, nat, and packet filtering. Understand that other kernels do not use netfilter (or commonly use something else). Become familiar with the common kernels firewall, routing, and forwarding system(s). Don't make the mistake of saying "the iptables firewall..." in the interview room! Iptables is not a firewall.
  • Know your basic networking. Internet core protocols should be added to your list of required reading. Understand the differences between a hub, bridge, switch, and router. Learn how to "subnet", which means knowing your binary math! I cannot tell you how many times I have seen a messed up network because someone didn't know how to figure out /27 and keyed in the wrong values from a "subnet calculator". Along with networking do a bunch of reading/research on vlans, trunking and stp. Most people cannot tell you what a L2/3 managed switch is or how it differs from a "dumb" switch or router. Don't be one of those people! Learn how to configure routing protocols such as BGP, RIP and OSPF (also, learn basic computational graph theory). You may not end up doing a whole lot of networking, but it's really good stuff to know.
  • Virtualization is important. You need to know the different forms of virtualization (desktop v.s. os-level v.s. para v.s. hyper virtualization). If you are keen to linux, you need to know how xen and kvm work (this is typically what commercial vps's typically use). Also look at vmware and virtualbox for desktop virt. For os-level virtualization, you need to know how to use LxC and jails.
  • Learn how LVM works! Spend some time familiarizing yourself with LVM2 (linux), vinum (BSD), and ZFS's container framework (Solaris/BSD). Know how and when to use raid. Make sure you understand the implications of the different raid configurations.
  • Learn common backup methodology. Raid is not backup, don't make this mistake.
  • Get used to doing everything on the command line, and always think "what if I had to do this on 20,000 servers?".

    So off the top of my head there's a bunch of things you could study. I think that's quite a bit to get your head around, and a deep understanding of some of these topics will only come from working experience. There may be a LOT of work to do in some of those areas. Getting a fully functional xen (or kvm) based system up and on it's legs is not an easy task for the uninitiated. It is my opinion (and everyone else is free to disagree with me) that all good sysadmins/ops/engineers need to "grow up" in some area of lower level technical position. That can be a jr. admin position, the helldesk, or whatever else... This will give you the "systems" working experience that will let you branch into a full fledged admin/op position. Getting some certs under your belt can help you get in the door, but by all means isn't required. Cert's cost money and (the ones worth getting) take time. Personally, I tend to stray away from places that make a big deal out of certs... but that's just me.

    tl;dr: Learn how to learn. Pick something you don't know how to do and leverage a linux system to accomplish that goal - rinse and repeat.
u/everythingmalware · 9 pointsr/Malware

If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.

When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.

There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead everytime IsDebuggerPresent is called, it will take the execution path you want everytime.

Sorry if this is confusing, I'm not sure the best way to explain this. This is more advanced analysis techniques / reverse engineering, so if you don't know assembly then it might be over your head.

There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Leena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment).

u/WellThenScrewIt · 9 pointsr/ReverseEngineering

Learn to write simple C programs. Then debug your own C programs, preferably in OS X or Linux using gcc/gdb. Then disassemble your own C code (learn how to disable optimization in the compiler; try it with no optimizaiton and then with increasing levels). Then look at C++ and (gasp) Visual BASIC and such. Turns out a ton of malware is written in these languages, and the snarl of garbage that you'll uncover that is just part of the auto-generated message handling stuff for VB will astound you, so don't start there...but it's important to understand those structures when you see them.

Then follow tutorials about reversing other programs. There are great books on this.

It helps a lot to know assembly language, but you'll tend to pick it up as you go.

You'll want better tools than just command-line disassemblers. I prefer IDA Pro.

There's a great book that uses IDA Pro with many examples to address precisely your questions.

Here's another great book on malware analysis that covers all kinds of tricks you might bump into when working on real targets.

I see all this as a long-term iterative exercise. It's fascinating.

u/woolymangaming · 9 pointsr/learnpython

If you haven't read/heard of it yet, check out Black Hat Python. I'm reading it right now for projects to work on, and it will put you on the right path for Python and cyber security.

u/TehUberAdmin · 8 pointsr/javascript

But for the love of God, please, please, learn JavaScript itself to a good standard before even touching jQuery.

Even though jQuery makes writing web apps a lot easier and saves you a lot of development time, it is still a JavaScript library and as such, if you don't have a good grasp of JavaScript, you're going to be writing jQuery code that may well work correctly, but you're not going to have any idea why it works correctly and as such, debugging and writing advanced jQuery code is going to be a nightmare.

I appreciate that you might not want to spend any money on learning JavaScript, but if you're really interested in the language and want to know it well (and you already have a solid foundation in programming), then I highly recommend getting JavaScript: The Good Parts and reading through that. It's short (176 pages), you can read it in an afternoon (though the first time round, some of the stuff might go over your head), and although it may be very opinionated, most of what Crockford says is pure gold and at the end of it you will have a thorough understanding of how JavaScript works and how you can write good JavaScript, which will aid you tremendously when you start using libraries such as jQuery.

Apologies for my rantiness, it's just that JavaScript is seen as a 'toy' language by many, a simple language that people can just jump in and use without learning it first, as evidenced by people suggesting diving straight into jQuery, which is a reputation that I think is undeserved. JavaScript may not be the prettiest of languages, but it's here to stay, and if you learn to use it properly, you'll find that beneath the design mistakes lies a simple and beautiful programming language that just wants to be loved.

u/smo0shy · 8 pointsr/MrRobot

I actually already have a copy of Hacking: The Art of Exploitation. My personal library consists of around 45 books on a range of computing topics from PHP, MySQL, C++, Windows Internals, CCNA, MCSE/MCSA, Unix, Rootkits, AI, Data Structures and the list goes on.

Other relevant titles include Gray Hat Python, Reversing: Secrets of Reverse Engineering and Rootkits: Subverting the Windows Kernel.

I was going to buy the following: Assembly Language Step-by-step, SQL Injection Attacks and Defense and Metasploit: The Penetration Tester's Guide.

I agree that where one starts really depends on what they want to end up doing. "Hacking" is such a general term and SQL-Injections is completely different from finding 0-days. If I'm honest I'm not sure where to start but I'm open to suggestions.


u/emcoffey3 · 7 pointsr/webdev

I'm a big fan of JavaScript: The Good Parts. I'm not sure if it is quite intermediate, but it is a terrific (and short) read.

Secrets of the JavaScript Ninja is a bit more advanced. It's written by the guy who created jQuery. I found some of the coding style to be sort of strange, but it does have a lot of great information.

u/theanzelm · 7 pointsr/Games

I can really recommend this book: (not an affiliate link ;) )

JavaScript is amazing if you embrace it's prototype-orientation and assorted ugly warts.

u/mysticreddit · 7 pointsr/gamedev

To expand upon this ...

  1. In game dev just because a language has a feature doesn't mean it's a good idea to use it. Professional game devs are concerned about the run-time costs. That means knowing the costs of the features your language provides.

    For example, see this talk about how Ubisoft uses C++

  • CppCon 2014: Nicolas Fleury "C++ in Huge AAA Games"

    They avoid most of modern C++ features because there is little, or no benefit, and the (run-time) performance cost is too high.

    To be a great programmer, you should know both the strengths and weakness of every language feature. They were designed and added to the language to solve a certain problem. What is the context? Where does it NOT perform?

  1. As you move from indie to professional game dev you will be more focused on budgets. Memory Budgets. Performance Budgets. Polygon Budgets. Shader Budgets. How how to manage memory with a mid-level language like C is a fantastic skill to have. You should have a grasp of using memory/object pools which can be used in Javascript to further boost, say your particle system performance.

  2. OOP does not scale and leads to terrible performance. For now, don't worry about it.

  3. Javascript is a shitty designed language.

    On the negative side, it has tons of small gotchas. One of the ways to minimize it biting you in the ass is to use this hack at the beginning of your .js file

    "use strict";

    This will prevent the browser from allowing you to use variables that haven't before declared.

    On the plus side, it is fantastic for rapid prototyping.

  • ALL Javascript programmers should have Douglas Crockford's book JavaScript: The Good Parts

    Now I didn't say you shouldn't use Javascript. Whether you write your game in C or Javascript is (slowly) becoming irrelevant as you can compile Javascript to C, or compile C to Javascript.

    Use whatever language you feel fits your dev style.

    All programming languages suck. Some just more.

    The more programming languages you know, the better the programmer you will be.
u/zjs · 7 pointsr/web_design

It's not quite what you asked for, but the parent of this reply answers that.

JavaScript: The Good Parts offers a wonderful Computer Science style discussion of JavaScript.

u/drstranglove · 7 pointsr/AskNetsec

Servers should always be hardened and because everyone likes long guides the National Vulnerability Database actually maintains a lot of information regarding hardening servers. So for the actual server itself can be hardened using the following guide located here. That is for Red Hat Enterprise Linux 5. It will change from distro to distro, but some things are pretty standard. I agree with PalermoJohn as well that learning more about networking will certainly help you in securing your server and network.

For applications running on your web server the link for OWASP Top 10 that Rsaesha posted will help you. If you have more time and would like to learn about Application Security, The Web Application Hacker's Handbook is a great resource to learn a lot about security in Web Applications.

Both application and network level security are required to truly secure your web server.


u/elvinguitar · 7 pointsr/AskNetsec

IMO, these books are the best ones for web pentesting:

The Web Application Hacker's Handbook

The Tangled Web

OWASP Testing Guide v4

u/Faluzure · 7 pointsr/Futurology

While Munger and Buffet are fantastic wealth generators based on value investing, they're definitely not software engineers. If you want to make a somewhat informed decision on Bitcoin and what cryptocurrecies represent, you should strive to educate yourself and not listen to what these two say about something they don't understand.

Andreas Antonopolos is a great educator:

The book published about his talks is also a fantastic resource:

u/DeepSpaceHomer · 7 pointsr/ITCareerQuestions

I used to take things apart as a kid; VCRs, RC cars, TVs, PCs, etc.. just to see how they worked. Went to school for 2.5 years learning programming (C++, Java, HTML (if you can call that programming)), hated that and the personalities (I;m introverted but programmers / devs are next level introverts). Transferred to a music track at another school and finished with my BA. Got a job in music, but missed IT so I applied for a business analyst role at the same company - worked with devs doing light SQL work and end users assisting in the deployment of an internal CRM. Moved on from there to an internal IT spot, then after that an MSP - another MSP, which is what I'm doing now.

Got experience in VMware (and VDI), a bit of Azure, lots of onsite support and have done work for high profile clients, celebrities, CEOs, etc.. basically do what you need to do to get the job done. I'm constantly learning, the next stuff I want to learn is networking - as in high level network - using the TCP/IP Guide ( and Internetworking (

Also need a lot of Linux experience since VMware and Cisco products are based off that. Start with the fundamentals and go from there.

I fucking love what I do. I have an A+ cert from years ago, but haven't bother with anything since. I do a lot of work for hedge funds now so it's more who you know than what you know - I'd like to get a cert in the future but don't really have the time. If you have any questions or want me to take a glance at your resume just send me a message and I'll shoot over my email.

And full disclosure, IT has a lot of bullshit you need to deal with, if you can't handle that or deal with it the correct way (read: just deal with it) then you're gonna have a bad time - shit will break, things will fail, backups will take huge dumps, but you just have to have the mindset that you can fix it or know where and how to find the answer (vendor support tickets are your best friend - specific to Cisco TAC. lol)

u/d1sr3 · 7 pointsr/Malware

This site contains a list of sites providing collections of malware samples : If you haven't read any book about malware analysis yet I would recommend you to start with since you could get yourself easily infected as a beginner

u/netscape101 · 7 pointsr/netsec

Learn sysadmin skills (linux sysadmin especially), learn to program in atleast one language can be anything: javascript or even python. Learn to hack web applications. Learn about infrastructure penetration testing. Have a look at and Here are some guides to get your started:

Here is a copy paste of what I sent to another guy. Anyways here is my reading list: Check this too for practice: (List of vulnerable web applications that you can try on) Try hackerone and bugcrowd too. Live sites you can hack. Some Stuff to read: Also read: 1. The Web Application Hacker's Handbook. (800 pages but just browser through it) 2. The Database Hackers's Handbook 3. Android Hacker's Handbook 4 . This book is good if you still very new: Also read this: and this: Also check my subbreddit: /r/netsec_reading Some more blackhat stuff:

u/Verdonkeremaand · 6 pointsr/AskReddit

You might want to read The Shallows by Nicholas Carr. He writes about the internet as a new development in our history of mediums and how this affects, 'rewires' our brain. He also had problems with concentration while reading long articles or books and thinks that the internet not only improves our knowledge but is also changing the way we are processing our information. I'm currently reading it, so I can't give you the conclusions yet, but it's really interesting.

(edit - added link to book)

u/RecycledAir · 6 pointsr/javascript

I've recently been working on my JS skills and heres a few resources I've found super useful:


Javascript Patterns

Javascript: The Good Parts

Javascript: The Definitive Guide (While an exhausive resource on the topic, this one is a bit verbose)


Mozilla's Javascript Guide (One of the best free online javascript guides/references.

How to Node (Tutorials on server-side Node.js)

Daily JS (Interesting JS related news)

Echo JS (Similar to above but updates less frequently)

Hacker News (This is more general tech news but there is a ton of useful web stuff, especially as node.js is currently a hot topic. Reddit actually spawned from HN)

Online Videos (free)

Douglas Crockford's Javascript Lectures (I would recommend these to anyone getting into javascript)

u/dmazzoni · 6 pointsr/learnprogramming

One more to add: JavaScript: The Good Parts

(obligatory joke)

In all seriousness, it is a really good book.


u/jhnsnc · 6 pointsr/webdev

First of all, don't worry too much about a single interview. A lot of interviewers don't really know what they're doing / why they are actually asking the questions they are asking. Usually, they're programmers--not experts at hiring people.

Having said that, you definitely want to be familiar with common "gotchas" and major issues in the languages/frameworks you will be using.

For JS, I recommend two books in particular: JavaScript: The Good Parts and JavaScript Patterns. I found these helpful because they cover all the major issues with the language and they are quite concise. These don't cover any frameworks like jQuery or Angular though--that's another matter altogether.

Also take a look here:
There's a good chance the interviewers will straight up copy questions from this list and you researching the answers will be a great learning experience.

u/duskwuff · 6 pointsr/lolphp

Now I'm imagining a book titled "PHP: The Good Parts". (Kind of like "Javascript: The Good Parts".) Only, it's less of a book and more of a pamphlet.

u/rjett · 6 pointsr/javascript



Old, but probably still relevant

Yet to be released, but you can get the in progress pdf from the publisher


The one that everybody recommends

HTML5 spec


Latest Webkit News

Other than that build build build. Make demos and play. Ask questions here or on stackoverflow and read other people's code. Also, lots of great old JSConf videos out there.

u/KidA001 · 6 pointsr/learnprogramming

Check out JavaScript, the Good Parts. Imo the best beginner JS book. No one should be able to save a .js file without reading it :)

You can learn angular without learning JS first, but it sure will help you go a lot further if you understand the fundamentals of JS.

u/matty961 · 6 pointsr/uwaterloo

This book should be good enough to last you through undergrad.

u/hitmanactual121 · 6 pointsr/hacking

I wouldn't recommend starting off with metasploit, what you want to do is learn the basics on linux, I would recommend this book:

After that, learn some info sec theories (boring, but important if you want to make a career out of it.)

these two books are what I used:

The first book is mostly intro to basic concepts such as port scanning, firewalls, networking, etc. the second is info sec theories

This would most likely be your next book to buy, its a little more advanced, and has some challenging content in it.

Finally grab this bad boy

you should have some decent knowledge about network security by then.

u/BinMapper · 6 pointsr/Malware

Some resources which will indirectly help you for GREM

u/xSinxify · 6 pointsr/AskNetsec

That's a good setup you have going on, honestly. If you're looking for more resources, I can think of a few resources to supplement what you're already reading/doing

The Tangled Web -

SQL Injection Attacks and Defense -

Hacking Exposed: Web Application - - At this point, you can probably filter out what's relevant to you or not, this will map out other topics related to what you need to know, and may fill in any gaps you have at this point.

OWASP - [Borderline vital to web app exploitation, Highly recommend if you haven't explored this site yet]

Now, the books and study materials are nice and all, but the most important thing is practical experience, and I see you've identified that by engaging yourself in DVWA. A few additional hands on labs you could dive into are vulnhubs that target the web (Broken Web Applications Project by OWASP is a must):

Wargames (Overthewire / Smashthestack):

SecurityInnovation ( - It will start off with web challenges, feel free to stop when it starts getting into binary exploitation. What you've learned up to this point should carry you through the web application portion of this challenge, although some lateral thinking is required, which is also a skill you'll need for the GWAPT.

Google-Gruyere -

Since you stated that you were going through the WAHH book, the labs over at mdsec may be a good investment for you at this point to follow along (although not exactly required if you properly use the resources above) - Again, filter out what you need to practice here. Lots of good challenges for multiple different areas of study.

CTF's: Be on the lookout for CTF's on and put a focus on the web challenges. These challenges will encourage lateral thinking like the securityinnovation challenge. is an archive of older CTF's if you're having a hard time finding upcoming CTF's with good web exploitation sections. In my opinion, CSAW is especially good when it comes to web challenges, but check most of them out if you get time.

Another recommendation to you is to develop a decent understanding of how a web application is structured. It becomes easier to visualize how to attack a web application, when you can engineer one. So I will recommend that you learn:

HTML/CSS - don't spend way too much time on this, codecademy should suffice here

Javascript: The source of the client side exploits you will find in the future. Get your feet wet in javascript via codecademy, and progress further.

PHP: Source of the majority of server side exploits you will find (RFI/LFI, SQL Injection, etc). As with javascript, get your feet wet through codecademy, and try to progress further from there.

SQL: Important to know for SQL Injection. PHP is responsible for the implementation that leads to SQL Injection, but you should really know SQL to actually manipulate the DBMS to your needs.

With the web languages I listed, the end goal for you, should be to identify vulnerable source code, as well as being able to intentionally develop vulnerable source code, and fix it.

At this point, you should be relatively comfortable with the concepts covered in the GWAPT, however if not, take a look at the bulletin/syllabus of the actual exam, and individually research each topic.

Looking at the syllabus for the actual course that maps to GWAPT may provide some insight as well.

Hope I was able to help. Best of luck to you, and if you have any questions, feel free to let me know.

u/CrisisJake · 6 pointsr/ITCareerQuestions

I agree with what the others have said.

However, I'll give you some more direction and encouragement. I'm sort of in a similar position as you (except I'm a senior, and have a few years experience working with systems and networking) who is also looking at Security-focused internships.

The CompTIA certificates are okay, especially as a beginner, but they don't hold much weight. They're great for laying down foundational knowledge, and maybe helping you get an interview, but beyond that, they won't do much else.

If I were in your position, I would put my study time into getting the OSCP (Offensive Security Certified Professional). This thing is intimidating. It's one of the harder certificates to get in the industry, and the main reason for that is the exam is a rigorous 24 hour pentest. The payoff is worth it though; the OSCP has an overwhelmingly positive reputation in the industry (don't take my word for it, read up on other's opinions of it). This certificate doesn't expire, and it's something that can help you in your career further down the road (unlike the CompTIA certs). The biggest reason I'm mentioning it is because you can start as a total noob and still pass the exam (all you need is a basic understanding of networking and somewhat familiarity with linux) - be prepared to spend 300-400 hours in a lab environment until you get to that point, though. Start out with the Georgia Weidman book to see it it interests you, if so, go for it and don't look back. Even if you apply to non-offensive/blue team security positions, the OSCP will still put you and your resume near the top of the stack.

As your interest progresses in the Security industry, know that it's essential to have a thorough understanding of systems and networking - and how everything connects to each other.

Best of luck!

u/flexxoh · 6 pointsr/AskNetsec

IMO Georgia's book covers everything you'll need for the exam (specifically exploit development and POC modification).

The Metasploit book is cool, but since you don't really get to use it in the exam lab (you only get one Metasploit "lifeline" to use) it may not be worth picking up right now.

u/joejance · 5 pointsr/programming

Framework Design Guidelines is an excellent book for those that author APIs. I would recommend it to any developer or architect, not just .Net people. Various MS .Net and related team members share their thoughts and opinions on what they did right and wrong with .Net as they share their own, internal design guidelines.

u/somethngvague · 5 pointsr/writing

The Shallows by Nicholas Carr is a good book about this subject.

u/graw135 · 5 pointsr/HelloInternet

Thank you!

Amazon Here

u/4964d3aae7085d86607b · 5 pointsr/dns

The DNS and BIND book is commonly accepted as the DNS bible. It is mostly about BIND but BIND is the reference DNS implementation and all the concepts apply to most DNS servers.

Of course Wikipedia is also a wealth of knowledge in this area.

u/w3cj · 5 pointsr/javascript

I highly recommend checking out the You Don't Know JS book series by Kyle Simpson. It goes in depth into how the language works and all the quirks you might encounter:

If you'd like a shorter read and maybe have your opinions formed for you... checkout JavaScript the good parts:

u/eric_weinstein · 5 pointsr/ruby

> Failing that, are there any good cheatsheets/references for JS "gotchas" and unusual features that devs from other languages might not be familiar with?

There are entire books dedicated to this! (Also some entertaining talks.)

Here are some good JS books not aimed at total beginners:

  • JavaScript: The Good Parts
  • Professional JavaScript for Web Developers
  • Effective JavaScript

    Bonus (to give you a sense of the kinds of "gotchas" you'll find in JS):

    // Even though you pass in numbers, JS sorts them lexicographically
    > [5, 1, 10].sort();
    [ 1, 10, 5 ]

    // You "fix" this by passing in a custom comparator
    > [5, 1, 10].sort(function(a, b) { return a - b; });
    [ 1, 5, 10 ]

    // This probably makes sense to someone, somewhere
    > Math.min();

    > Math.max();

    // Some things are best left unknown
    > {} + {};

    > var wat = {} + {}; wat;
    '[object Object][object Object]'

    Here are a bunch more in quiz form.
u/EllaTheCat · 5 pointsr/tasker

In today's shiny web world, it can't hurt to learn JavaScript, but it's a dreadful mess, saved only by this fine book.

Python is a great language for learning, and I think Tasker supports it..

Now, I've spent years in software, and I suggest you stick with Tasker and its plugins, because it is very well thought out. You can learn a lot about real world stuff if you focus on being battery efficient and being responsive. Setting task and profile priorities, scheduling waits, running tasks in parallel, is an art.

Premature optimisation is the root of all evil in programming. JS doesn't necessarily make things faster, and believe me I've seen clueless JS programmers consider using C/C+ for speed, when they could have simply used JS properly. Use libraries, not DIY code, which is why AutoTools is so good.

u/bobishardcore · 5 pointsr/learnjavascript

JS is hard, especially for people new to programming. Basically, JS as we know it today is an evolution of a browser hack that only recently became a seriously useful language. The syntax is terrible, math and numbers don't make any sense, the regex system isn't super robust, oh and it's not really an OOP language. Technically, it is multi-paradigm and includes some oop-like things and classes are on the way to browsers, but it's for naught anyway, because you don't need classes in JS - It's a prototypical inheritance based language.

If you're new to programming in general, I'd say you should start with a more sane environment, like Python. It will teach you programming concepts while railroading you into making good coding decisions. It's really common for people to start with Learn Python the Hard Way - don't. Go to /r/learnpython and search "LPTHW 31" and just count up the people struggling with it. Zed Shaw is an idiot, there are better things to read, I'd recommend watching the google IO talks, get a buddy to learn with. Honestly, I've never read a python book cover to cover, but I feel pretty comfortable with the language from just googling "How do I do X in Python" millions of times, usually if a link comes back to, I click that one first. The docs are wonderful, you don't need a book.

But, since JS is one of the most important languages due to it's integration with the most common form of media distribution in our time, I'd recommend reading / watching talks by Douglas Crockford. Check out Javascript: The Definitive Guide and Javascript: The Good Parts. The second one is a little easier to digest, while the first is really the definitive guide.

In both cases, I'd recommend doing the challenges on

u/NegatedVoid · 5 pointsr/webdev

Crockford's JavaScript: The Good Parts.

Serious recommend.

u/user24 · 5 pointsr/node

I've been using node for about a year now (was a PHP/mySQL dev for 6 years before that) and have come to realise that it's all about methodology. The language is just JS (I mean, you should get good at JS too) but it's how you use it that defines whether your node code will be good or not.

Some things I've found useful:

  • JavaScript: The Good Parts If you're a JS developer, you just need to read this.

  • Node Beginner Book Hands-on node is a little more rough around the edges but still worth a go. I bought the bundle for kindle and didn't regret it.

    My experience:

  • Write everything in modules. Your index.js should be tiny. Ours just links URLs to modules.

  • Try to make your modules reusable. We're (I'm) guilty of having my modules assume a http request, which means I'm ferrying the request and response objects around all over the place. It's not heinous, but it is bad.

  • Put your modules in git

  • Caching: Our stack is slightly unusual in that we've built a REST API in node which PHP then consumes to produce the HTML for the site, so end users never connect directly to node. (We have reasons for doing it this way). So we cache the API results based on URL in memcache. For a traditional web server model you'd probably use caching proxies in front of your node layer. I also cache database results based on the SQL string (I think we tested it to be faster than querycache. If not, why the hell aren't we just using querycache? Hmm...), so even if the API-level cache misses, some of the data will still be cached hopefully. Your caching strategy will depend heavily on the frequency of data changes in your application. A lot of our data never changes. We certainly don't have sub-minute changes, and typically our data changes exactly once in its lifetime.

  • A good proportion of the stuff I write is utility modules (like pluribus) rather than business-logic specific to our website. I've written a HTTP router, a caching object (which abstracts the cache mechanism away so if we wanted to move away from memcache none of our code would have to change, we'd just plug in a new storage module to cachejs), a twitter module, and a connection-pooling module. Some of these problems were already solved in existing modules (and we use a lot of 3rd party modules too) but often you'll find that it's not quite right for your use-case, doesn't scale well, or the github isn't up to date with the latest node etc etc.

  • Node is getting better all the time. We've thrown away a few things we'd written because the functionality is in core now. That's good.

  • github is your friend. We end up forking a lot of modules and issuing pull requests to them. If they don't accept it's a shame because we then will have to keep our version up to date with their fixes. We prefer to fork, fix, pull req and then switch back to their version when accepted.

  • architecture is the most important problem to solve. We use rackspace cloud hosting and they provide cloud load balancers which helps a lot. Beyond that, we make use of a consistent hashing module to spread memcache data and load evenly. But for any large application you'll quickly find that you can't just keep it all on one fat box, and you'll need to think the architecture out avoiding single points of failure.
u/adamzx3 · 5 pointsr/javascript

I can definitely relate, this sounds just like me last year! I've done things the hard way and it took me 5x longer. I also prefer screencasts to books. I always need to create a project to solidify those fresh skills, otherwise they'll be gone in a month. Also tutorials for things like Backbone assume you know how to use jQuery, Underscore, and things like REST, and JSON responses... this can quickly get confusing if your not familiar with all of these. My largest regret is not building enough practice apps in the last year. I really should have applied more by doing, instead of staying in the theoretical world.

Here are some insights that i've made and the courses/tuts/projects that helped me the most:

Learn the language first:

u/jhaddix · 5 pointsr/netsec

Hi Pandas_sniff! (love the name) I’m a firm advocate of the Web Application Hacker’s Handbook. I think if you look at the reviews for version 2 i’m probably one of the featured ones. It really is all encompassing for most of what application security testing should start out as. It does suffer from being a textual reference though (a snapshot in time), so I also commonly recommend learning from the OWASP Testing Guide v4 as it has frequent wiki-like updates. I could spend all day talking about resources for learners! There are some excellent (free) videos by Jeremy Druin on using Burp Suite and application testing, I absolutely love and all of their exercises, and Sam has written a very good guide on getting started in bounty work

As for how effective these resources are “out of the gate” i think they are tremendously helpful. For example, using the above resources i’m sure any apt student of them could identify IDOR’s or basic injections. Over time these skills become second nature and free up the tester to focus on newer, cutting-edge hacks/technology. Hope that answers the question =)

u/CaulkParty · 5 pointsr/InternetIsBeautiful

The actual link OWASP Top 10 2013. This list is in the process of being updated so the information isn't exactly accurate anymore.

For more in depth reading I'd suggest The Web Application Hacker's Handbook. Also check out /r/netsec for a good discussion platform.

u/Pardon_my_dyxlesia · 5 pointsr/hacking

I was personally recommended by my mentor Hacking: The Art of Exploitation, and The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Also some companions sent me some readings on index articles. I'm not so sure of the titles, but just browse around.

u/GregFoley · 5 pointsr/learnjavascript

Forget that other stuff for now and just get Head First JavaScript Programming. It's the droid you are looking for.

u/axvk · 5 pointsr/webdev

Head first books are really good except you should get the up to date version.

I read that javascript book back in the day and i definitely liked it. I'm not sure what's different in the new one but with programming it's always good to be up to date. If you can't get it then this one will do. Everything in there still works and javascript still has pretty much the same idea as in that book.

u/WIKiMescudi · 5 pointsr/digitalnomad

For me the best why to learn is by doing.I started with a little app idea I wanted to build and jumped into sites like to learn JavaScript and html sintax.

I mixed the courses with step to step progress for my idea.

Once you have your first app and learn the sintax you can switch to topics like ObjectOrientedProgramming. Buy a pair of books and start another more complicated project. Try this bookÅMÅZÕÑ&qid=1527450273&sr=8-1&pi=AC_SX236_SY340_FMwebp_QL65&keywords=head+first+javascript&dpPl=1&dpID=51qQTSKL2nL&ref=plSrch

Once you complete two projects you will be prepare to learn cross skills like version control(git), building process (webpack), console commands and IDE (webstorm).

That was my path before my first fulltime job. Working with other developers, work following two-eyes techniques and read tons of code from others will be a huge step un the process.

In only two years I became a senior software developer in one of the cooler companies I met.

Hope you have the same luck as I did.
Any help you need just tell me!

u/curious-b · 5 pointsr/Bitcoin

That's what The Internet of Money is for.

u/togoshige · 5 pointsr/Bitcoin

Everyone should read "The Internet of Money" by Andreas Antonopolous

"While many books explain the how of bitcoin, The Internet of Money delves into the why of bitcoin. Acclaimed information-security expert and author of Mastering Bitcoin, Andreas M. Antonopoulos examines and contextualizes the significance of bitcoin through a series of essays spanning the exhilarating maturation of this technology."


Amazon (Paper, Ebook) (Bitcoin)

iTunes (Audio)

Github (Free)

Youtube (Video)

Tinkerers Anthem

u/wat_waterson · 5 pointsr/AskNetsec

See if you can get it used, but this book is well worth it. Giant book, wouldn't go cover to cover unless you wanted a sleep-aid, but great as a reference

u/itsfortybelow · 5 pointsr/networking

Good advice here. I also recommend Todd Lammeles CCNA book after you've done the Network+. Download GNS3 for playing around.

Also, start using Linux now if you haven't already. Debian, Ubuntu, or CentOS are fine to get started. The majority of network gear is running some flavor of Linux these days. Get comfortable doing things from the command line.

As a reference book, I recommend this:

u/UnknownBinary · 5 pointsr/Malware

Practical Malware Analysis talks about how to set up a relatively secure analysis environment.

u/healydorf · 5 pointsr/cscareerquestions

As far as engineering practices are concerned: Clean Code, Clean Architecture. A secure app/arch is one that is well understood long after you've stopped working on it.

DefCon has a reading list:

If you're looking for a starting point, I'd suggest The Tangled Web. Web/browser security tends to be a good high-level starting point.

You asked for books, but I'd highly suggest participating in some CTFs.

u/korben996 · 5 pointsr/ApplyingToCollege

My advice? Enjoy your summer. It's one of the last times in your life that you'll genuinely have very little to no responsibilities. The field of CS is very much about learning on your own as an autodidact, so if for some reason you're getting bored doing teenage girl things there are plenty of resources out there to learn CS topics from.

I would focus on these rather than a formal, guided summer program because in your CS career you're likely not going to have the opportunity to have a guided internship every time you need to learn something new. Not to mention you're going to have a hard time finding an internship as a prefrosh since even freshmen/sophomores are looked over in favor of more experienced candidates. Some of these sites I've listed below offer certificates of completion, especially the MOOC-type courses, if for some reason you need vindication of your efforts. Lynda I believe offers their entire collection free through many local libraries. If your local library doesn't have a relationship, try other libraries in other counties or parts of your state.

Other than that, do your best to absorb as much programming knowledge as you can as it will be immensely helpful in your studies. As you learn, try to learn what really interests you in the field of CS (cybersecurity, machine learning, AI, robotics, data science/databases, or maybe you just turn out to really, really like coding) so you can make it a specialty. The field of CS pays enormous dividends when you specialize into things. It's these types of niche consultants that can demand $100-200/hr and get handsomely rewarded.

Oh, and think about subscribing to these subreddits, you might find them useful:


If you enjoy programming:

u/JasonCarnell · 5 pointsr/AskNetsec

Part of me wants to say just do it. The course starts at a beginner level, but bear in mind that most people, myself included spend between 2-4 weeks of the precious lab time doing the course. Unfortunately there is no way to get the course material ahead of time, so factor that in when choosing how much lab time to prepare.

Having said that, I highly recommend reading Georgia Weidman’s book prior as this covers a lot of the same material as the PWK and is a great way to prep for the coursework so some of the ideas presented are not completely new to you

Depending on your ease with programming, you may want to bone up on some python fundamentals as well. I did about 1/4 of this Udemy course before starting

Here’s a great guide from Abatchy on OSCP Prep, although a lot of the stuff he discusses in the guide are covered in the OSCP course

There is also a YouTuber named IPPSEC that does video walkthroughs for retired Hackthebox machines. some of the machines are very CTF like, so Just watch the OSCP Like ones in this playlist.

Finally, if your willing to shell out some money, 30 days on is a great way to practice. Their course is very OSCP like and a good way to jump right in.

Of course Hackthebox is always a great resource to practice your pwnage skills.

Don’t feel like you have to do ALL of this before the OSCP, the list I gave is pretty much every resource outside of the PWK course I used to pass the exam.

If you only did one thing before you start the course, Definitely read Georgia’s book. Everything else can be used in conjunction with the course if you need extra help.

There is also an active discord channel for PWK students, use it!

u/recrudesce · 5 pointsr/HowToHack

Came here to say the same thing; you don't NEED Kali to pentest, it's really mostly used because it has a lot of tools already included. You can test from a Windows box if you really wanted to.

Kali won't magically make you a pentester, nor will it teach you how to be one as it's just a bundle of tools - there's no tutorials included with those tools. Read Hackers Playbook 2 and Penetration Testing: A Hands-On Introduction to Hacking and do some vulnerable VM's from places like Vulnhub

u/5960b35c · 4 pointsr/linux

Glances is a very nice example of a good python code base and project structure. An excellent demonstration of the a "proper" way to package a standalone python application.

It does, as the name suggest, only provide a "glance" into how the system is doing. For a deeper dive in monitoring check out Brendan Gregg's posts and guides, .

He also has a book which I consider one of the most up to date and best on the topic of monitoring:

u/LaMaPuppy · 4 pointsr/computerforensics

Aside from SANS FOR508 (the course on which the cert is based) the following helped me:

Windows Registry Forensics

Windows Forensic Analysis Toolkit 2nd ed

Windows Forensic Analysis Toolkit 4th ed

The 2nd edition covers XP, the 4th covers 7/8

Digital Forensics with Open Source Tools

File System Forensic Analysis

This is a new book, but I imagine it'll help as well:

The Art of Memory Forensics

I read many of these in preparation for taking mine, but your best resource are the SANS class/books which is what the cert tests after. Having a good index is key.

There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.

u/CSMastermind · 4 pointsr/learnprogramming

I'd suggest you should pursue software development as a career path. Once you're working full time as a developer it will be much easier for you to move into a .NET role if you choose.

The career market can be hit or miss. There are plenty of jobs using those technologies but they're less ubiquitous than say Node or Java.

In terms of keeping up your skill, Pluralsight has some amazing content. And I'd recommend these books:

Design Patterns in C# - probably the first book I'd read.

CLR via C# - In-depth, targeted at professional developers, and absolutely crucial for anyone doing it professionally.

Agile Principles, Patterns, and Practices in C# - Will help get ready to work on a professional software development team with a slant towards Cc#.

Pragmatic Unit Testing in C# with NUnit - Also important for working as a professional C# developer.

More Effective C# - Is more of a specialist read. Might be helpful after you've worked for a year or two.

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries - Is better suited for a technical lead or architect. But could be useful to keep in your back pocket.

u/FaceDownInThePillow · 4 pointsr/cleancode

I would refer you to Framework Design Guidelines, Krzysztof Cwalina. It's an awesome book that deals with best practices. It will not help to learn .NET or C# or VB or whatever, but will provides usefull guidelines about general design principles.

Chapter 3, is Naming Guidelines. Part 3.2 is General Naming Convention. A lot of specific point are approched and you have Brad Abrams, Jeffrey Richter, and others known programmer giving their opinion on each point. Extremely informative !!

Here's one excerpt, among many many more.

> AVOID using identifiers that conflict with keywords of widely used programming languages.

> JEFFREY RICHTER : When I was porting my Applied Microsoft .NET Framework Programming book from C# to Visual Basic, I ran into this situation a lot. For example, the class library has Delegate, Module, and Assembly classes, and Visual Basic uses these same terms for keywords. This problem is exacerbated by the fact that VB is a case-insensitive language. Visual Basic, like C#, has a way to escape the keywords to disambiguate the situation to the compiler (using square brackets), but I was surprised that the VB team selected keywords that conflict with so many class library names.

EDIT : Refering to sanity's post earlier, it is the second point in part 3.2.1 of the book :

> DO favor readability over brevity. The property name CanScrollHorizontally is better than ScrollableX (an obscure reference to the X-axis).

u/haroldp · 4 pointsr/selfhosted

I've been self-hosting DNS for decades. It's totally doable. Reading the grasshopper book wouldn't be a terrible idea.

I finally got off BIND and would encourage everyone else to do the same. I'm using PowerDNS and NSEdit to manage records.

I use a free service as a slave for my secondary DNS server.

u/totallygeek · 4 pointsr/networking

The O'Reilly DNS books are great. I highly recommend the BIND and DNS book.

u/checksinthemail · 4 pointsr/webdev

Preface - you have missed years of development in an area (web client front end coding). It's advancing so fast the rest of us can barely keep up. I'm serious - seems like every day there's something new that would take me multiple days to learn well.

See the "Web Development Timeline"

Moving beyond the standard HTML5/CSS3 stuff, I spent part of my evening compiling this list. It's incomplete and some stuff is opinion. WMMV. If you were helped, well, buy me a beer someday :-)

  • JS got real popular. Catch up on the current terminology used.
  • ECMAScript/ES5 language extensions
  • ES6 ("Harmony") extensions - coming soon; some already here. The current working draft of ES6 as PDF
  • Exhaustive list of Micro-libraries
  • HTML5 shims, ES6 shims, Lazy loaders (require.js), Modernizr... It's overwhelming, please see Daily JS for an exhaustive roundup of libraries/frameworks as they are released.
  • Underscore.js for functional programming niceties
  • The myriad client-side MVC frameworks - (Backbone.js, Ember.js, Spine.js, etc.)
  • Stratospheric rise in the goodness of webkit. See Peter Beverloo's blog for weekly reports of WebKit new features added.
  • Douglas Crockford's JavaScript: The Good Parts was a huge hit - this always comes up in interviews.
  • IE9 and IE10. IE9 did border-radius, SVG, and added a faster JS engine. IE10 (only for Windows 8) adds CSS gradients, 2D/3D(?) transforms, CSS transitions (and animations now I'm told?)
  • Opera is now on versions 11 and 12 - and it still rocks. Here's what's new in the development snapshots from their blog. I'm a fan since long ago, it's nice to see them continue to remain competitive with the 'larger' browsers.
  • Firefox is now on versions 12 through 14.
  • Chrome is now on versions 18 through 20.
  • JSLint is now integrated in some editors (I love it in notepad++) and JSLint begat JSHint, which is sold as "kinder, gentler"
  • Web Workers (aka JS threads)
  • Web Sockets API
  • WebGL See the 3-D dynamic terrain/bird demo - awesome!
  • Death of rule, takeover by Daily JS and BadAssJS (IMHO)
  • Inline images expressed in data/uris which are base64 coded) eg: IMG SRC="data:image/gif;base64,EEEEEEBASE64JUMBLE" online image encoder
  • LESS and Sass - better CSS with variables, macro expansion, etc.
  • calc() in CSS3 Really new - chrome nightlies and firefox supports. If you remember way back when, IE 5.5/6.0 had a similar but poor performing feature called CSS expressions
  • INPUT TYPE="COLOR" and "DATE" should now work well, and have in-browser helpers for selection.
  • CSS3 display:flex-box
  • CSS Gradients/Animations/Transitions see this slidedeck/demo
  • CSS3 Shaders/Filters. Shaders are really really new (as in: last week) as far as implentation in a browser. I'm psyched about creating some vertex shaders (.vs files) for effects.
  • Local Data Stores (4k cookie - bah!)
  • Mobile browser coding: events for swiping screen, etc. see jQuery Mobile, Sencha touch.
  • Node.js based on Chrome's V8 JS interpreter (I know; you know...)
  • Coffeescript (I know you know, I included for completeness) The JS to Coffeescript is also interesting.
  • DART. Google's JS-like language for those who like classical Java/C++ oop style - they even have a version of Chromium for Mac which has DART native. Else it transpiles to JS, like Coffeescript does.

    If you didn't click on any links above, well, for shame. There's some good important stuff up there. Below are a couple websites that I think are must-sees, as far as demos of the recent html5/css3/bleeding edge, and news/informational blogs I read daily or weekly... Most were listed above!

  • CSS3 Click Chart
  • HTML5 Rocks!
  • Learning threejs/tQuery (WebGL)
  • Bad Ass JS

  • W3C's blog on CSS
  • Daily JS - - news on libraries and node, mainly
  • Steve Souder's blog on high performance web sites. He wrote a couple books too that are very good.
  • Peter Beverloo's blog discussed what's new in this week's WebKit/Chromium builds.

    Stuff I didn't include, and am going to leave as an exercise to the reader:

  • Vibration API (for tablets, phones)
  • Battery status API
  • CSS3 image-set (download different quality/resolutions depending on capabilities)
  • Video element stuff - Hollywood's next blockbusters may be edited over the web.
  • Speech API - see Peter Beverloo's blog and W3C...
  • Audio - there's some full on audio mixers and synthesizers out there now
  • Web Inspector in Chrome
u/fajitaman · 4 pointsr/learnprogramming

The usual advice is "get out and program!" and that works, but it can be very tricky coming up with something to write that's also satisfying. The idea is that you learn best by doing, and that many topics in programming can't really be learned without doing. All that stuff is true and I'm not denying that at all, but some of us need more. We need something juicier than spending hours configuring a UI for a project we couldn't care less about. It shouldn't be an exercise in masochism.

I guess what I'm saying is that there are a lot of ways to learn to write code and books are great if you can really sink your teeth into them (a lot of people can't). Code Complete is a great book on the practice of programming. You also say that you "get" OO pretty well, but it might open your eyes to read up on design patterns (e.g., Head First Design Patterns). You have a long way to go before you really get it

In addition to those, you could delve deeper into your languages of choice. There's no way around JavaScript if you're a web programmer, and a book like JavaScript: The Good Parts is pretty enlightening if you've got some experience in JavaScript already. It's a pretty interesting and unusual language.

But sometimes programming is about building gumption, so instead of just being practical, try to figure out what you like about computers and keep going deeper into it. If you have an interest in computer science and not in just building apps, then something like Structure and Interpretation of Computer Programs could instill in you an enthusiasm for computers that trickles down to everything else you do. If you're more interested in web design, there are probably similarly interesting books on artistic design principles.

I think what I'm ultimately saying is that you should find what you enjoy doing and just go deeper down the rabbit hole, getting your hands dirty when it's appropriate and interesting.

u/jellatin · 4 pointsr/javascript

This is kind of a side-answer, but it looks like you are just compiling a list of things that are super popular at the moment.

> React.js with Flux seems more hot than all other frameworks

What concerns me is that you seem to not be concerned with what is the best framework for your project(s), but rather what is "hot".

For a long-term career I would recommend focusing on improving your understanding of concepts and theory that these ever-changing tools are built on rather than trying to chase what people think is cool.

The people who spent time learning JavaScript rather than simply "mastering" jQuery were in a significantly better position when client-side frameworks came out because they knew the underlying concepts.

If you haven't mastered these things yet, I think they have more value than most of the list of specific tools I see listed:

u/reversekilled · 4 pointsr/programming

Perhaps you should learn something about the language first? It has its good parts and its bad parts and its really bad parts. This book is a great place to start.

u/pacificano_au · 4 pointsr/learnjavascript

I have recently read this book. I didn't like it at all. Just to give you an idea of my skill level, so you can compare it with where you are at, I've been doing HTML/CSS/Javascript for over a decade. My Javascript skills though have been more script line by line style as opposed to OOP intermediate level stuff. So I bought this book look to increase my Javascript skills.

While the book says its HTML5 with Javascript programming, it doesn't really cover the basics very well for either, even saying you should be familiar with both before reading it. At the same time, it spends half the book, quickly covering the basics, in such little depth, I would struggle to understand who its for.

The second half of the book, just spends one chapter at a time going over the various HTML5 APIs and how to use Javascript with them. For a 600 page book, there is so much fluff here, its unbearable. Its a really poor book. Its not for beginners, but its probably too simple for intermediates.


If you need to know HTML/CSS I'd highly recommend

You'll want to install Sublime Text to do your work in it.
You'll want to create a Github account and download the client and learn how to version control.

After you've done the HTML/CSS book. I'd recommend learning about SASS from DevTips

You can install CodeKit to make compiling it easier.


For Javascript, I recommend "A Smarter Way to Learn Javascript"

It's a really good, QUICK, and straight to the point book on beginner Javascript. ~250pages

Then... If you want to round it out, I'd recommend Head First Javascript Programming While being full of fluff, as is Head Firsts way, is a much better book than their HTML5/JS one. With a lot of great examples ~600pages

After that, I'd recommend Learning Web App Development ~300pages which will start to introduce the full javascript stack to you.


I hope that helps mate.

u/schm0 · 4 pointsr/learnjavascript

Three resources you may want to check out: for group studying and asking questions, the #learnjavascript channel on IRC (info in the sidebar)and Head First Javascript Programming for a very common sense approach to Javascript.

u/aaarrrggh · 4 pointsr/PHP

Cool, well if you're serious, this is a very good book:

It can be a little dense at times, so I'd read it carefully and definitely try out some of the examples as you go along with it.

For me, the whole OOP thing didn't really 'click' until I understood the real usefulness behind interfaces and abstract classes (basically, polymorphism). It's something that I just didn't get, and I'm talking about having been using classes and objects for over a year without understanding why an abstract class would ever be a good thing.

Polymorphism is one of those things that I'd read about before but just couldn't quite "get". It's one of those things that I just didn't click with until I came across a problem in a real world situation that could benefit from it. I had a go with it and suddenly a whole new world opened up.

So here's the problem: I was asked to output csv based reports from our system at work. It was clear from the initial meeting that there would probably be other reports coming in the future, and some of these might be in different formats such as json or even excel.

Here's where some of the key differences between OOP and the traditional (almost always messy and unorganised) PHP mentality really come to shine.

Instead of explaining the underlying theory behind it, let me show you the end result first:

I ended up with a system that could create new reports really easily. As soon as a new report was created, it was INSTANTLY available in csv, json or excel format, and I had an absolute guarantee that adding a new report would not break anything in my existing system.

Here's some typical use cases:

  1. Create a daily summary report in csv format:

    $report = Library_Factory_FinancialReports::create(Library_Factory_FinancialReports::DAILY_SUMMARY_REPORT);
    $writer = new Financial_Report_Writer_Csv();

  2. Create the same report in json format:

    $report = Library_Factory_FinancialReports::create(Library_Factory_FinancialReports::DAILY_SUMMARY_REPORT);
    $writer = new Financial_Report_Writer_Json();

  3. Create a monthly financial report in excel format:

    $report = Library_Factory_FinancialReports::create(Library_Factory_FinancialReports::MONTHLY_FINANCIAL_REPORT);
    $writer = new Financial_Report_Writer_Excel();

    Do you see how easy that is?

    This is achieved through polymorphism and abstract classes.

    Whenever you want to create a new report, you simply create an object called a 'ReportReader'. This object ALWAYS returns it's final data in a set format, so the writer objects can understand them. They will always be compatible. For this reason, I can write a writer object just once, and so long as it works, it will work with all reader objects, and vice versa. I want to create a new format for my reports? Just create a new writer, and once it's finished, ALL reports will become available in that format. Want to create a new report? Just create a new ReportReader object (this object is what is set to the $report variable above - it's returned by the Library_Factory_FinancialReports::create() factory method), and this report will instantly be available in ALL formats that are available in the system - and even better, it will never touch any existing code (except to add a couple of lines to a switch statement in the Library_Factory_FinancialReports::create() method to return the correct ReportReader object).

    I can test each class independently and I can add and remove things with ease.

    This is due to polymorphism.

    I can explain it a bit further if you want... It basically comes down to thinking about problems in a more abstract way, and then working out a common interface that can be guaranteed between all objects...
u/farsightxr20 · 4 pointsr/PHP

I'd suggest finding a newer book as soon as you can. This example is riddled with bad practices, and it's best to avoid forming bad habits instead of trying to break them later.

Some things that jump out at me:

  1. The shut-up operator (@) shouldn't ever be used. It's slow, and makes debugging a pain in the ass.
  2. While using "or die()" might be adequate for a quick and dirty script, it's never a good idea to simply exit a program because an error has occurred. Look into Exceptions for error handling.
  3. The mysql_* functions are dated and shouldn't be used. Use instead PDO (with prepared statements) (highly recommended) or mysqli. Mysqli has procedural methods similar to the ones in your example, but you need to be careful to escape all of your user-inputted values with mysqli::real_escape_string or mysqli_real_escape_string

    My personal recommendation would be PHP 5 Objects, Patterns, and Practice, as it will teach you stuff you should know about programming in general, as opposed to simply PHP syntax.
u/dan000892 · 4 pointsr/netsec

Well TCP/IP is an entire protocol suite. In addition to IP, TCP, and UDP, it includes higher level protocols like HTTP (uses TCP), DNS (UDP more commonly than TCP), and ICMP (uses IP, not TCP or UDP).

My understanding is that it's called TCP/IP because those were the first protocols and everything else coalesced around/on top of them. Microsoft offers a pretty decent chart showing examples of the layering/encapsulation of the protocols in the suite here.

If you want to dive deeper, Steven's three-volume TCP/IP Illustrated is the de facto reference manual for the Internet -- though dated, it's still very useful and available for cheap used. Alternatively, No Starch came out with a tome of their own called TCP/IP Guide which I've heard a couple colleagues recommend.

u/19Kilo · 4 pointsr/networking

The TCP/IP Guide - It's a little dated these days and barely touches IPv6, but it's a good, quick look at a lot of the glue services that you will eventually need to understand and troubleshoot: DNS, SNMP, NTP, etc.

TCP/IP Illustrated, VOL 1 - Here's where we get into the nitty gritty. This shows you what is happening in those packets that cross the wire. Invaluable if you go onto doing Performance Engineering functions later on, but still good.

NMAP Network Scanning - NMAP is a godsend if you don't have remote login rights but you need to see what's happening on the far end of the connection.

Wireshark Network Analysis - Most useful tool in your toolbox, IF you can use it, for proving the negative to your customers. At some point you're going to be faced with an angry mob in Dockers and Polos who want to know "WHY MY THING NOT WORK?". This is the book that will let you point to their box and go "Well, as soon as the far side sends a SYN/ACK your box sends a FIN and kills the connection."

Learning the bash shell - You're a network engineer, you're going to be using Linux boxes as jump boxes for the rest of your life. Shell scripting will let you write up handy little tools to make your life easier. Boss wants to blackhole China at the edge? Write a quick script to pull all of the CN netblocks from the free FTP server APNIC owns, chop it up in sed and AWK, throw a little regex in for seasoning and you're done. And when he comes back in 30 days for an updated list? Boom, it's done even faster.

The vendor specific books are nice, but I can't tell you how many network engineers I've run across who couldn't tell me how DNS worked or how a three way handshake worked or couldn't write a simple script in Bash to bang out 300 port configs in 30 seconds. There are a shit ton of paper CCIEs out there, but those books up there will make you stand out.

u/Bilbo_Fraggins · 4 pointsr/metasploit

Man, look at this guy over here who thinks he knows something about metasploit! ;-)

Yeah, Metasploit Unleashed is a great place to start, and if you want more this book is basically Metasploit Unleashed 2: The Unleashening - Now With More Narrative.

If you still want more, you're probably better off with something like Pentesting With Kali that puts metasploit in its context and forces more hands on use or you should be prepared to follow the blogs for new features and read the source.. It's not that bad in there, really. ;-)

u/redhatGizmo · 4 pointsr/netsec

Are you talking about this book ?

u/PM_ME_YOUR_SHELLCODE · 4 pointsr/RELounge

Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. Its an older book (2005) but its about as gentle as it gets in terms of the core concepts but its missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. Its a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.

Practical Reverse Engineering - This one is a newer book (2014) while it doesn't cover as many topics as the above book, its less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.

Practical Malware Analysis - While this one has more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, its from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.

Practical Binary Analysis - This is the newest book of the list (December 2018). It wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and its modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.

Edit: s/.ca/.com/g

u/glghglg · 4 pointsr/programmingcirclejerk

web development is hard. This is not because it's retarded and unspecified, but because I am doing intellectually challenging innovative work every time I complete the rituals to work around CSRF and clickjacking, and setup some cross domain policy, maybe throw in 10K lines of CSS, etc, to make a chat app.

u/sephstorm · 4 pointsr/army

Buy this book. Get your security+. Where do you want to live when you get out and what do you want to do? You are not likely to jump directly into pentesting unless you move to VA/MD and even that is unlikely IMO.

After Sec+ get your CEH, eCPPT, OSCP, and GPEN in that general order. That will get you where you need to be to get seriously looked at. As far as what you should be doing in the meantime, SOC work is generally open to newbies while you study through the above. If you PM me with your timeframe and keep in touch I can probably help you out with jobs.

u/BlastedInTheFace · 4 pointsr/AskNetsec

No. If it were so easy, pentesters wouldn't get pais so much to do it. That being said, start here

u/cheeseboythrowaway · 4 pointsr/Python

Everyone writes their PoCs in python nowadays.

Here's an example of a really cool C2 toolkit using rpyc:

The rapid7 folks still use ruby for all their stuff (i.e. metasploit) but building your own tools is totally the way to go.

This book is a great intro to building security tools in Python:

u/pheonixblade9 · 4 pointsr/androiddev

I highly recommend Hello, Android 3rd edition by the Pragmatic Programmers. It gives a good introduction with very few assumptions, lets you program something cool right away, and has the perfect pace. It's what I used to learn less than a year ago, and now I'm a mobile software dev at a great company.

u/fullstack_info · 3 pointsr/servers

Lol, im sorry man (or woman), but you're gonna have a tough time getting specific answers to extremely vague questions, let alone enough detail here to write an actual research paper. No offense.

I'm not sure if you're in college/university, or high-school and want to just get into IT, but this is a profession of specifics, but you should know now that all manner of it engineering disciplines, whether it's systems, network, or software, all deal in specificity.

There are literally hundreds of tools used and thousands of technical documents (publicly available, look up RFC papers) that cover this. If you want one good recommendation, it would probably be:

Systems Performance: Enterprise and the Cloud

I have it on my desk at work and I work as an SRE for a large SaaS company (not gloating, just to let you I'm not just spewing nonsense). It's mostly focused on *nix systems but touches on Windows stuff a bit as well. For windows, you can look up the SysInternals Suite of tools they have available for free. It gives all the info necessary to monitor a hosts various stats, including processes trees, Cpu, gpu, mem, and disk i/o, including paging, dll handles, tcp connections, etc.

I'm not trying to be a dick here, but this isn't really the type of thing you can gloss through a Wikipedia article and write a full-blown research paper on in a night (unless it consists mostly of citations from other white papers). People literally spend their entire professional career learning this, it can't be learned in a cpl days. That being said, if it's for high-school or somewhere it won't be scrutinized too harshly, you can probably use a kindle, or the online version of the book I referenced above, and skim through it. It's pretty thorough, and if I had to pick one reference, that would be it.


u/lazyant · 3 pointsr/linuxadmin

You may want to study this book: "Systems Performance: Enterprise and the Cloud" by Brendan Gregg

u/4n6Pi · 3 pointsr/computerforensics

Check out Brian Carriers book on File System Forensics, He has three chapters dedicated to NTFS.

u/markdoubleyou · 3 pointsr/csharp

As others have mentioned, writing code is the best way to get exposure. But if you're a book guy like me then there are a lot of option out there that'll accelerate the process. You'd be insane to read all the following--these are just starting points that can accommodate different interests/tastes.

Having said that, I'll start with the one book that I think every C# developer should own:

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries

... it's a good read, and it includes a lot of direct input from the designers of the C# and the .NET Framework. Microsoft has been really good about sticking to those guidelines, so you'll immediately get a leg up on the Framework libraries if you work through this book. (Also, you'll win a lot of arguments with your coworkers about how APIs should be designed.)

General knowledge books (tons to pick from, but here are some winners):

u/whitedsepdivine · 3 pointsr/csharp

I recommend this book to everyone who writes C#: Framework Design Guidelines

I have read it 6 times, and know every detail in the book. I am now absolutely a top tier expert in c#. (I have had roles such as Lead Architect for multiple 1/2 billion dollar projects.) Whenever anyone asks me about how I got so good, I always say this book was what started everything for me.

Read it to understand it. If you do not understand something, research the topic, write test apps and spend your time on figuring out what it means.

The book is a bit outdated, as some topics have changed. For example c# now has variance built in and there is no longer a need for mimicking it.

Additionally, a tool like ReSharper follows the Guidelines outlined in that book, and adds too it. So having ReSharper, and spending the time to understand it's warnings will be additional help.

These two resources will help in specifically C#. Additional frameworks such as MVC is touched on, but not explained in detail. I although feel that understanding the language will help you pick up how to use frameworks.

u/_pupil_ · 3 pointsr/dotnet

It's somewhat dry, but IIRC the .Net Framework Design Guidelines book (, had some really solid advice - though it's also aiming at a larger domain than just solutions.

Generally your libraries should reflect your points of re-use and architectural or license/copyright separation.

u/ShaneKaiGlenn · 3 pointsr/politics

Read The Shallows:

"Building on the insights of thinkers from Plato to McLuhan, Carr makes a convincing case that every information technology carries an intellectual ethic―a set of assumptions about the nature of knowledge and intelligence. He explains how the printed book served to focus our attention, promoting deep and creative thought. In stark contrast, the Internet encourages the rapid, distracted sampling of small bits of information from many sources. Its ethic is that of the industrialist, an ethic of speed and efficiency, of optimized production and consumption―and now the Net is remaking us in its own image. We are becoming ever more adept at scanning and skimming, but what we are losing is our capacity for concentration, contemplation, and reflection. "

u/codename_john · 3 pointsr/webhosting

This helped me grasp the whole DNS thing:

u/michaelp983 · 3 pointsr/javascript

I feel like this is a classic book for javascript programming. Even though it is very opinionated (parseInt), but none the less it is a great reference for quirky behavior of JS. Seconde watch this: <-- Just a great list of really silly behavior of JS!

One last thing, make sure you review how CommonJS works:

u/JohnaldTheRobot · 3 pointsr/web_design

To be honest you should learn JavaScript first before going on to jQuery.

O'Reilly books are very good programming books and highly reccomended. However if you know how to code a little in any language and you just need to know the basics then I reccomend "JavaScript: The Good Parts". I have this book and it's extremely useful.

If you want a nice introduction to jQuery I'd suggest the screencast on

Good luck on learning javascript :)

u/magenta_placenta · 3 pointsr/web_design

Pro JavaScript Design Patterns

JavaScript Patterns

High Performance JavaScript

Object Oriented JavaScript

JavaScript: The Good Parts

Everyone loves to swing from Crockford's nuts, but I found this book a little hard to read. I lack a CS background and I fully admit I need to re-read this book as last time I read it was beginning of 2009

JavaScript: The Definitive Guide 6th Edition

I just ordered this yesterday, the 5th Edition is the book that really kicked it off for me back in 2005.

jQuery is cool and all (as are all the other libs) but you should try to learn core JavaScript as much as possible.

u/hhustlin · 3 pointsr/javascript

Just out of curiosity, what's the perceived benefit of logging every page in your history as a QR code of all things?

As for language - Chrome extensions are JavaScript, so if that's what you want to do, learn that. If you're looking for the very basics, Codecadamy is a good place to start. Beyond that, you're on your own (but maybe pick up a copy of the Good Parts )

u/Chesh · 3 pointsr/javascript

It's a design mistake in the language itself, there are quite a few of them. I recommend Douglas Crockford's JavaScript: The Good Parts, he goes into a lot of good practice work-arounds for the pitfalls of the language.

u/BesottedScot · 3 pointsr/Scotland

I think you're going to suffer too much with broad strokes. All of the things you've mentioned have their own usecases really. You should focus on one of them and learn it before deciding whether you want to try another.

Although, you can also just do 'X vs Y' for all of those things you've mentioned and see articles on the differences between them as well as what they actually do.

Before you start any of the learning on any of those things though, you should definitely take one or two JS courses. Code School, Code Academy, Udemy all have great courses on Javascript. A couple of books I'd definitely recommend are Clean Code and Javascript, the Good Parts, I'd say these are ubiquitious and essential reading for any developer looking to get better.

Less and Sass are for doing stylesheets better. They basically introduce programming concepts like functions and variables into CSS.

Gulp and Grunt are task runners. Tests, minifying, linting and live previews can all be done with them.

Angular and React are basically front end frameworks built with flavours of JS. They introduce OO concepts into javascript and the MVVM/MVC way of working for the front end. The are markedly different from how they do things.

With the other things, there's basically a wealth of information for them.

Needless to say, you have a lot of reading and practicing to do. Luckily these days there's lots of examples and documentation for every one of the things you've mentioned.

u/Riobe · 3 pointsr/videos

So, everyone has different learning styles and there's no completely "best" way to learn something. Here's a couple suggestions on how I'd recommend starting:

  • The simplest starting point would be to follow an online tutorial. It's been too long since I learned my first bits of javascript, so I don't remember what I used, but after a bit of looking, this one looks decent: EDIT: Like /u/HothMonster recommended, I've heard good things about CodeAcademy. A friend went their their javascript course and found it useful. Haven't done it myself, but worth a look too.
  • Are you the type that'd like a book to guide you through? There's one that I read and loved while I was learning: Javascript: The Good Parts. If you google it, there's a PDF in the top few results too, but I have no idea if that's legal or not.

    Using tutorials or a book, get a basic start going. Once you have a little bit of HTML/JS knowledge going so that you can make a index.html file and have it load a javascript file that does anything, like log to the console, then you're started. Go through a tutorial/book to get a bit more understanding and then.... build something.

    It's hard to choose a topic, but try to find something that you're interested in. Then work on making it. You'll learn an incredible amount by doing it. Don't try to master the language first, just make something with it. Then you can ask specific questions about the parts that you're having trouble with and it will help guide you through it and people will generally be willing to help someone that's working.

    Plus, getting help is easier when it's a specific use case that someone can help with vs. "Please teach me everything about this language" because even those of us that have worked with a language for quite a while often don't know all of it. :P
u/Zapurdead · 3 pointsr/cscareerquestions

Closures are actually a somewhat important concept in Javascript. If you don't understand them then one day you'll probably get some weird this bug working with callbacks and you'll waste more time than you need to trying to figure out what's going on.

This is just my personal experience, but I felt that when I had a Javascript interview coming up I would always take some time to review this book:

It's worth it to read in my opinion, it covers pretty much everything you would probably be asked in a Javascript interview, and it's very short.

It helps me a lot with Javascript stuff. The other stuff, like the Java stuff, you could probably just google it. There's a standard set of OOP questions that interviews just like to ask all the time.

u/DeadEyeDev · 3 pointsr/gamedev

Also, check out the book Javascript: The Good Parts to really up your game with javascript. I don't really do html5 games, but I've heard this book recommended enough by people I respect.

u/theQuandary · 3 pointsr/javascript

Javascript: the good parts -- Amazon

Eloquent Javascript -- free ebook

Javascript Allonge -- free ebook

Eloquent Javascript is a great introduction to JS. The Good Parts teaches about what parts of JS to use and good coding practices (though some JS devs disagree with Crockford, every place I've worked that started implementing all his recommendations immediately saw reductions in code issues). Javascript Allonge is the greatest intro to functional JS that I've seen. These three will take you from beginner JS dev to intermediate JS dev. Practice will take you to advanced JS dev and reading lots of nuts and bolts blog posts will take you to JS expert.

u/ew73 · 3 pointsr/webdev

No, you're fine.

If you spend some time really working on that Javascript deficiency and lean to grok what's going on, you're going to be doing so much better than most out there.

Pick up Javascript - The Good Parts and start reading. Then watch this video and when you understand what the hell is going on, you're ready.

u/areinet · 3 pointsr/javascript

My suggestion, go read Crockford's book JavaScript: The Good Parts and/or the JavaScript section of his blog. A lot of people have some really strong opinions on whether Crockford is right or not, but simply reading his book will explode your JS knowledge in a big way. Its a quick read and then you can start having your own opinions on Crockford.

Also, as someone else posted here, go build something.

u/dmerrick · 3 pointsr/IAmA

Luckily, JavaScript is a pretty easy language to pick up. Personally, I'm partial to O'Reilly's "JavaScript: The Good Parts." It's a very good summary of the language :).

u/OolonColluphid · 3 pointsr/dotnet

And then read Javascript: The Good Parts which will tell you the subset of js that is actually sane.

u/soullessredhead · 3 pointsr/FreeCodeCamp

This one is pretty good.

u/tech-mktg · 3 pointsr/Frontend

Most of the answers already say to start learning JavaScript, which I agree with. I'd worry less about learning libraries, and start learning plain vanilla JavaScript. A good book if you're interested is JavaScript: The Good Parts. I'd then move onto jQuery, and from there you'll be able to get the gist of most libraries.

At our company, our front-end people all do JavaScript, although some of them started where you're at with backgrounds in just HTML & CSS. We have a lot of emails coded, which can't have JavaScript, so that could be a good fit for you if you're not looking to expand your skills.

u/j9461701 · 3 pointsr/slatestarcodex

I remember batch! That was the first programming I ever did, because my Star Trek games required me to kill explorer.exe before they'd load the colors correctly. So I just made a little file that I'd click on and it would turn on say Starfleet Command, turn off explorer, then wait for SC to exit and turn explorer back on. I was like...10 I think. Good memories.

Anyway, right now I'm reading Javascript: The Good Parts, while using notepad++ for coding the examples. I tried using code academy but I found it annoying and uninformative.

u/michael0x2a · 3 pointsr/learnprogramming

I've recently been collecting some resources related to learning different programming languages. It's a work in progress, and is still a bit disorganized, but the section on HTML/CSS/Javascript might be useful. Also, many of the links might be too basic for you, but several of them might still be useful.

In particular, I think [Eloquent JavaScript][webdev-eloquent] is a pretty good overview of JavaScript for people with prior programming experience. You might need to skim the first couple of chapters though.

The [Mozilla Developer Network][webdev-mdn] (MDN) also has a good number of resources that range from beginning to advanced that you can check out. MDN also tends to be very thorough and comprehensive, which is good. The section on JavaScript is here.

I also like a book called JavaScript: The Good Parts. It's a bit short, but I've personally think it's the least bullshitty guide to JavaScript I've read. Unfortunately, it focuses more on understanding JavaScript, the programming language (and all its quirks and oddities), rather then on practical application.


u/GrayDonkey · 3 pointsr/java

You need to understand there are a couple of ways to do Java web development.

  • Servlets & JSPs. - Check out Core Servlets and JavaServer Pages or the Java EE Tutorial. Note that I link to an older EE tutorial because the newer versions try to switch to JSF and not much changed in Servlets and JSPs between Java EE 5 and 6. I recommend learning Servlets and JSPs before anything else.
  • JSF - A frameworks that is layered on top of Servlets and JSPs. Works well for some tasks like making highly form centric business web apps. Most of the JSF 2 books are okay. JSF is covered in the Java EE 6 Tutorial
  • Spring - Spring is actually a bunch of things. You'd want to learn Spring MVC. If you learn any server-side Java web tech besides Servlets and JSPs you'd probably want to learn Spring MVC. I wouldn't bother with GWT or any other server-side Java web tech.
  • JAX-RS - After you get Servlets and JSPs down, this is the most essential thing for you to learn. More and more you don't use server-side Java (Servlets & JSPs) to generate your clients HTML and instead you use client-side JavaScript to make AJAX calls to a Java backend via HTTP/JSON. You'll probably spend more time with JavaScript:The Good Parts and JavaScript: The Definitive Guide than anything else. Also the JAX-RS api isn't that hard but designing a good RESTful api can be so be on the lookout for language agnostic REST books.

    Definitely learn Hibernate. You can start with the JPA material in the Java EE tutorial.

    As for design patterns, Design Patterns: Elements of Reusable Object-Oriented Software is a classic. I also like Patterns of Enterprise Application Architecture for more of an enterprise system pattern view of things. Probably avoid most J2EE pattern books. Most of the Java EE patterns come about because of deficiencies of the J2EE/JavaEE platform. As each new version of Java EE comes out you see that the patterns that have arisen become part for the platform. For example you don't create a lot of database DAOs because JPA/Hibernate handles your database integration layer. You also don't write a lot of service locators now because of CDI. So books like CoreJ2EE Patterns can interesting but if you are learning a modern Java web stack you'll be amazed at how archaic things used to be if you look at old J2EE pattern books.

    p.s. Don't buy anything that says J2EE, it'll be seven years out of date.
u/ManicComputer · 3 pointsr/css

Start by trying to understand the CSS and HTML on the sites you like going to. If you haven't already, become familiar with the F12 developer tools each browser provides. You'll want to get comfortable with them all because early on you will want to discover why your pages aren't looking the same in one browser to the next. Using the dev tools in the browser you can actually change the way the page is styled by literally changing the CSS in the developer tools. Or you can add styles as well which is GREAT when modifying your own site so you dont have to go back and republish it each time you make a change. IE's dev tools are actually pretty great. You can also simulate older browsers by changing the document/browser mode in the Emulation tab (this isn't perfect btw, but works well for the most part)

Next start using or and try to recreate some elements on a site you like. Do this daily, and do not get frustrated. By using the dev tools you can see how they used CSS to get the style you like, and the surrounding divs/spans/p/etc around it. You can also right click on the page and select "inspect element".

Codecademy is GREAT but one thing it doesn't do well is using real world tools since you are using their environment. You will learn far more by manipulating the dom in F12 or using JSFiddle/CodePen. Plus you can post a page you are working on in JSFiddle/CodePen to a forum like this one for help with what you are working on for a lot better discussion.

Another good site to keep in your toolbox is Can I use. This will help you with understanding which CSS can and can't be used for your specific browser support needs. One example that comes to mind is wanting to use text-shadow which isn't supported in IE9.

Because this is a post in a CSS sub, I'm not sure if you are going down the web developer route, but if you are, then continue reading. Otherwise, feel free to skip to the last paragraph.

Next you will want to move on to the final tool in your front end development toolbox you will want to master and that is JavaScript. Learn straight JavaScript first, and avoid mixing in jQuery until you feel like you have a great understanding of how JS works on its own. I believe the JS tutorial on Codecademy mixes jQuery early on, and if you are just starting out you may not realize the difference. Don't get me wrong, learning jQuery is almost as important as learning JavaScript, it's just important to understand it is a library for JavaScript, and as a framework has its uses and limitations. I really liked the JavaScript tutorial on Code School, so that would be a great place to start. It's not free, but I believe they have a free trial. Otherwise everyone will tell you JavaScript: the Good Parts and Eloquent JavaScript (which is online and free) are required reading.

After that you'll want to learn some of the more popular libraries and frameworks for CSS & JS, such as LESS, Sass, jQuery, AJAX, node.js, backbone.js, and Bootstrap to name a few.

After this, then you'll need to decide if you prefer to lean more to the designer side or the back-end developer side. Front-end developers are usually the bridge between the designer and back-end developer.

In my experience though, you fall in to either being an all-in-one or the designer who does front-end work. Learning designer tools like Illustrator and Photoshop will be helpful if you are asked to or need to create your assets. I actually prefer Fireworks (though I hear it is being discontinued) for creating quick assets I couldn't create with CSS instead of Illustrator because its a little less robust and for someone new its much easier to learn. Otherwise if you are going the back-end route you'll probably want to research which server-side language you want to start with like PHP, Ruby, Python, .NET, etc and then what database such as MySQL, MSSQL, etc.

The best advice I can give you though, is don't be a "master of none" web developer. Become a master at CSS before you move to JavaScript. Then become a master at JavaScript before you move to another language, or whichever language you choose next. When I started out I tried to learn CSS, JavaScript, ASP, PHP, jQuery, C#, AJAX, SQL, and a few others because I wanted to get started quickly...along with pressure from the company I worked at. You will get overwhelmed, burnt out, and start making mistakes, or even worse, not get to the bread and butter of the language you are trying to learn.

u/1092384756 · 3 pointsr/GrandTheftAutoV

Couple hours searching? Just google "GTA V General Lee reddit". The dukes isn't even in GTA V I think you meant the Vigero. I'm sorry for any miscomunication I don't think I said anything to lead you to belive I am with the police. If you really want to exile yourself from society then perhaps you could use a canoe and paddle out to an uninhabited island, I'd recommend getting one made of aluminum if thats within your budget. It'll take me a while to learn smoke signals, I'd have to attend classes or buy a book. I tried to include a few links so you don't have to spend a week trying to google anything I mentioned, but in case you need help this book could come in handy

u/vkmita · 3 pointsr/berkeley

Haha this.

u/davidthefat · 3 pointsr/learnprogramming

Google for Dummies

Realistically, way more information than you need.

u/larry_lol · 3 pointsr/Guitar

At least for a lot of the posters in /r/Guitar, I'd say Google for Dummies would be useful.

u/cquick97 · 3 pointsr/AskNetsec

Depends on what you want to learn.

Web Application Security?

Exploit Development?

"Pentesting" techniques?

Also check here for tons other of resources.

As for certs, if you are a beginner beginner, then probably stuff like Security+ and Network+. Unlike the guy behind me, I will never get, nor do I really recommend CISSP, unless you are going for strictly blue team (defense) work. I personally enjoy red team (pentesting, etc), so something like OSCP would be more useful.

Like I said in a post above, feel free to PM me with questions. I'm always happy to help others on their quest to learn more about the wide world of infosec :)

u/suicidalginger · 3 pointsr/HowToHack

I don't know how in depth you want to learn, how in depth determines our recommendations.

  1. Do you want to just find out if a site is vulnerable?
  2. Do you want to learn how attacks work and how the defenses to those attacks work?
  3. Do you want to get certified in security and make that a huge part of your resume?

    You sound like you want the second option.

    The key phrase for you is going to be "web application security". That is what security experts (and anyone in this industry) call it.

    For web application security there is kind of one master book that covers almost everything, The Web Application Hackers Handbook. I have the book siting right in front of me its about 900 pages and covers just about everything you could ever ask for. Also you'r going to want to get Burp Suite. You can install Kali linux in a VM and it has Burp Suite (recommended) or you can download the free edition for Windows from there website.

    Along with the book set up DVWA (there are hundreds of tutorials online on how to do that, hint use XAMPP.) or you can use the paid labs they mention in The Web Application Hackers Handbook. Also visit HackThisSite and other sites that offer web application security practice.

    So lets recap:

  4. Buy The Web Application Hackers Handbook.

  5. Setup DVWA.

    3.Visit sites that offer web application security challenges.

    By the end of that you should be pretty good at attacking web applications.
u/Kravego · 3 pointsr/AskNetsec

Get this book and go through it. A LOT of the crowsourced pentesting platforms have web application testing as their bread and butter.

And the other user who suggested it got downvoted for some reason, but further down the line you should go for GWAPT. I say further down the line because, like all SANS certs, it's expensive af.

Web app pentesting is the largest pentesting market around right now, so it's a good one to jump into. Good luck!

u/ArkionA · 3 pointsr/ITCareerQuestions

Absolutely love being a pentester and the cyber security industry. If you are willing to put in the time and study it can be very rewarding. CEH is a good step in the right direction and should open doors for you.
For entry level positions, pentesting is usually split into two areas, web application and internal/external infrastructure. It's good to have knowledge of both but it's worth choosing which area interests you the most. Personally, I specialise in web applications & API and there is a lot of online resources to help you. (As you have mentioned owasp top 10, I'll assume web apps is your interest)

The best way to learn a vulnerability and get a good understanding is to create vulnerable web pages (this also gives you something to take into an interview). I would suggest doing some basic LAMP stack (Linux, Apache, Mysql, PHP) - Don't let this put you off as it's actually pretty simple. If you can make a few vulnerable pages to display vulnerabilities, you will fly through entry level interviews.

it's really simple to do.. Here is a form that is vulnerable to cross-site scripting. (a few lines of php with some html)

<form method="POST" action="">

<p> <input type="text" name="xss"/></p>

<input type="submit">

$value = $_POST['xss'];
echo $value;

Reading Material:

Practical learning
DVWA (Damn Vulnerable Web App) - Purposely vulnerable web pages to practice exploiting.

Once you have a bit of experience have a look at hackthebox

u/3nvisi0n · 3 pointsr/HowToHack

I'd recommend checking out The Web Application Hackers Handbook:

Its a solid book that covers a lot of what you'd want to know. It does make heavy use of the free BURP suite tool which is a fairly standard tool for web pentesters. It doesn't do everything for you but it helps manual testing.

u/apt_snake_oil · 3 pointsr/singapore

I think very poorly of the cyber security courses offered (except NUS) in Singapore, as the things they teach are not aligned with the industry practices - either outdated or just not practical enough.

Having said that, if you have the time, I would suggest taking the SIT degree instead of the diplomas (waste of time IMO) and hopefully it provides you the fundamentals (programming, network and system administration) and be exposed to some other topics in cybersecurity.

If you are doing a career switch, I suppose you want to get up to speed fast by focusing on the need to have knowledge as a baseline. I would suggest taking the time to go through these stuff in details, setup your labs and practice the stuff


    Other wise, there are hands on courses and industry certifications that you can take online at your own pace and employers look out for such as:

  5. (eLearnSecurity is good because they have a progression path from student onwards )
  6. (I don't encourage going for this as a starter unless you already have some fundamental knowledge and skillets for system administrations but this is highly recognised in the industry)
  7. You can also go for SANS or what not, I think it's just too expensive for my liking.

    There is no one path to becoming a good pentester. However from my observations, folks who tend to be more in demands (with or without certifications/formal educations) are those who can display the ability to learn stuff on their own. This is an industry of skills and continuous learning. For employers that pay top dollar and provide time for training, learning and research, they are looking for folks who can display those stuff through actions.


    Source: Pentester
u/marxocaomunista · 3 pointsr/portugal

Faz VMs/CTFs em casa, lê o Web Application Hacker's Handbook. Depois candidata-te a trabalhos na área. That easy.


Não tenho mestrado nenhum na área de cybersec (tenho em telecom), e já vou no segundo ano na área sem nunca ter trabalhado antes.

u/Officer_Pedesko · 3 pointsr/Random_Acts_Of_Amazon

I need this book because I could really go for a laugh right now.

Buying a book is not about obtaining a possession, but about securing a portal.

u/peewinkle · 3 pointsr/IAmA
u/code_guy · 3 pointsr/PHP

Then PHP-5-Objects-Patterns-Practice is for you. PHP is know as a "kids" and "insecure" language, because so many people do php the wrong way. I'm not saying there is a right way, but there sure is a wrong one.

After reading first two chapters, learn a little about http protocol. Since you are programming in C i assume you have some knowledge with network programming and sockets, if yes it will be really easy to understand basics. If you didn't program with sockets, do that (it's really fun, you can create you own server, listen on that port and create a web application with C ).
After you get familiar with http ( pay special attention to POST and GET ) you can start working on home projects, learning HTML in the process ( it's really easy so i won't post anything about it here ) and using knowledge you used in first book to design a good app. Also manual is amazing, if unsure about something go there.

This is a proper way to do PHP, so you actually know what you are doing. If you want to just build web apps and don't care about anything ( and continue to contribute to myth that php is "xy" language ) do just that.

Protip: Go the hard way.

u/ephekt · 3 pointsr/networking

The TCP/IP Guide

The Illustrated Network

A bit dated, but pretty well respected:
TCP/IP Illustrated (There are 3 volumes)
You can find most of this info freely on the web though.

u/whiterhino1982 · 3 pointsr/navy

The Unix book is good, the first one has it's own merits but think more like this ...

Sorry for the whole url, I'm using my phone and heading into work.

u/nicklauscombs · 3 pointsr/netsec

best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......

a few books i'm reading/have read/on my list to read and all are excellent starting points:

BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)

Metasploit: The Penetration Tester's Guide

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection

u/lortik · 3 pointsr/AskNetsec

I wouldn't say this a good training book as it's just a list of commands that can be used as a reference for those who already know what they're doing but need to job their memory.

I'd say look at Metasploit The Penetration Testers Guide or Georgia's book Penetration Testing A Hands On Introduction to Hacking to get started off.

u/StoveyJ · 3 pointsr/HowToHack

One option is to just jump in at the deep end. Buy this book - and follow along.

You might need to Google a few things you don't understand along the way but YouTube will almost certainly have a few 'explainer' videos for concepts you're not familiar with.

u/proverbialbunny · 3 pointsr/cscareerquestions

There are books specifically on the subject that teach you everything you want to know. eg,

I'd also recommend getting familiar with Linux. Most of the industry is beefed up sys admins / dev ops, that enjoy doing the more QA-like work of pentesting. It's not just knowing web pages, it's knowing the system too.

Also, go to security conferences.

u/maharajuu · 3 pointsr/oscp

There's a ton of resources online for OSCP. Check out abatchy's prep guide:

Some VMs to practise on:

(#1) Kioptrix: 2014,62/

(#2) FristiLeaks: 1.3,133/

(#3) Stapler: 1,150/

(#4) VulnOS: 2,147/

(#5) SickOs: 1.2,144/

(#6) Brainpan: 1,51/

(#7) HackLAB: Vulnix,48/

(#8) /dev/random: scream,47/

(#9) pWnOS: 2.0,34/

(#10) SkyTower: 1,96/

A really good book for OSCP prep:
Penetration Testing: A Hands-On Introduction to Hacking

u/Jurph · 3 pointsr/netsecstudents

Get a copy of Georgia Weidman's Penetration Testing and work through the exercises with the class. I think there's a way to order the book and get several PDF copies for classroom use; you could also contact Ms. Weidman on twitter and see if she'd let you do a bulk order at a discount.

Talk to the campus cyber-security rep and see if he or she would give your club access to the latest image file they're using on campus, so you can use that as a target in a VM. Vulnerability reporting should be a negotiated part of that deal -- you get the image, with the understanding that any vulns you find get reported internally.

Similarly, you could war-walk the campus and see how many unsecured or poorly secured WiFi networks you can find. If you can get on the network and then pivot to the access point you can change the SSID to "NETWORK_NAME (weak passwd)" or use your access to ID the network owner and notify them that their network's not secure. But make sure you have permission from whoever the campus ISP is before you do that -- the last thing you want is for some kid whose dad is a lawyer to sue you guys, or angrily demand that the school kick you out.

Also, if anyone in the club is planning to do work for the Federal government or other work requiring a security clearance, make sure that all of your work is strictly white-hat. Unauthorized access to any computer system, or access without consent of the owner, could potentially disqualify you from getting a clearance.

Once your team builds up a baseline set of skills you might want to see if you can start attending events for the CCDC.

u/Secure4Fun · 3 pointsr/AskNetsec

The book "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia Weidman isn't free, but it's low cost and will give you the same information that PWK course materials provides, and a lot more.

For completely free training, search around Vulnhub for targets to go after. Plenty of lists on the internet about which ones are similar to the OSCP lab machines.

u/-vandarkholme · 3 pointsr/HowToHack

Two good books that will answer what you need. They go over making different tools that can help you in a penetration test.

I think python should be used more to automate things you'd normally do with other tools, not exactly use it to make "hacks".

You'd probably be better off using Ruby with the metasploit framework to actually make exploits, if thats what you mean.

u/drinknderive · 3 pointsr/netsecstudents

Pick it up beforehand, and have fun.

Also you might enjoy this book:

Read it if you have time its pretty good!

u/thwoomp · 3 pointsr/gamedev

If you're brand new to Unity and learn well from books, I would recommend Unity in Action.
It covers 3rd person controllers, camera, inventory, and a bit more. Would likely help you to get started.

Otherwise, /r/Unity3D is a good subreddit you may find useful.

u/serados · 3 pointsr/gamedev

Are you more interested in making a game, or the tech behind games?

Game Programming Patterns is a great reference when you have problems to solve or a system to design. It's a relatively light and easy read and definitely very helpful.

Game Engine Architecture gives a broad view of technologies behind a game but it doesn't actually go into the nuts and bolts on how to develop one. I recommend it as a way to see how things work, and a gateway to learning about the different technical specializations in a game engine. The reference list is very useful for further study.

Neither of them are of much help when it comes to using Unreal or Unity though. I've actually found that "learn to make game with engine X" books serve as a guided walkthrough of engine features and workflows and give you a solid base on which to continue exploring the engine. I've also found that working through a book has a much lower mental barrier than searching for tutorials on the Internet, since all the info is available on hand and (hopefully) presented in an easy-to-follow manner.

Start with the extensive tutorials Unreal and Unity offer on their official websites. If you find those hard to follow, or when you're done and think you need more guidance, just hit Amazon and look for books like this which are relatively well-reviewed.

u/Pilebsa · 3 pointsr/androiddev

The one most recognized IMO is Hello, Android. It's got the most/best reviews and of the dozen Android books I have, it's the best-written.

u/robscomputer · 2 pointsr/linuxadmin

A few of my favorite books I reference and recommend. Just a note, many of these are older and can be purchased used for much less. Also if you can afford it, get a Safari subscription. I use my work Safari subscription but this alone has saved me from my book buying habit. Now I only buy "must have" books. :)

Official Ubuntu Server book - I really like this book as the writing style helped me "get it" with Linux. Kyle Rankin has a very good method of showing you the technology and then a quick run down to get the server working, followed by some admin tips. It's a just scratching the surface type of book but it's enough to get you started. I rarely use Ubuntu now, but this book helped me understand DNS and other topics that were IMHO harder to grasp from other books.

As a bonus, this book also has an entire chapter dedicated to troubleshooting. While this sounds obvious, it's a great read as it talks about dividing the problem, how to approach the facts, etc. Stuff a seasoned admin would know but might be hard to explain to a new admin.

The Linux Command Line: A Complete Introduction - You can read this book for free on the site, but having a paper copy is nice. As mentioned, you should have a very solid understanding of the command line. In my experience, I have seen co-workers struggle with basic shell scripting and even understanding how to make a single line for loop. This book covers the basics, moving to shell scripting and I think it's a good solid reference guide as well.

DevOps Troubleshooting: Linux Server Best Practices - This book is referenced a few times here but I'll throw another comment for it. Another book from Kyle Rankin and has the same straight to the point writing style. It's very quick reference and simple enough that you could give this to a new sysadmin and he or she could get started with some of the basic tools. While the book covers a good selection of basic services and tools, it's easy to get deeper into a chapter and find it's only discussing a handful of troubleshooting steps. The idea with this book is it's a quick reference guide, and if you want to get deeper into troubleshooting or performance, take a look at other books on the market. Either way, this is a great book I keep on my desk or reference through Safari.

UNIX and Linux System Administration Handbook (4th Edition) - Another popular book based on the comments here. This is a pretty big book, thin pages, but it's like a small brick of UNIX/Linux knowledge. While it's starting to get dated, it does give a great reference to many topics in the system administration world. The chapters can dive deep into the subject and offer more than enough information to get started but also understand the technology. The e-mail chapter I thought was great as well as the DNS. I think of this book as a overall guide and if I want to know more, I would read a book just on the subject, that's if I need more information. One thing to point out is this book makes use of different OS's so it's filled with references to Solaris, different UNIX versions, etc. Not a problem but just keep in mind the author may be talking about something outside the scope of vanilla Linux.

Shell Scripting: Expert Recipes for Linux, Bash and more - I found this book to be a good extenstion of the Linux Command Line book, but there are many many other Bash/Shell scripting books out there. The author has many of the topics discussed on his site but the book is a good reference for scripting. I can't stress enough how important shell scripting is. While it's good to know a more formal language like Python/Perl/etc, you are almost certain bash will be on the machine you are working on.

Systems Performance: Enterprise and the Cloud - I can't comment on this book beyond the first chapter, I'm still reading it now but it's reading similar to Brendan Gregg's site, and that's a great thing. If you don't know who this guy is, he's one of the top performance guys in the Solaris and now Linux world. He has some great infographics on his site, which I use for reference.

Use method for Linux

Linux Performance

Example of Linux performance monitoring tools

Hope this helps!

u/khaloudkhaloud · 2 pointsr/redhat

I think brendan gregg books are the top, but u need some basis to understand (processor, memory etc)

u/Parlay_to_throwaway · 2 pointsr/learnprogramming
u/problemforme · 2 pointsr/computers

To demonstrate the differences in the time scales for this, the table shows the average time that each operation takes, scaled to an imaginary system where the CPU cycle of a 3 GHz processor is scaled to take 1 second.

Event | Latency | Scaled
1 CPU Cycle | 0.3 ns | 1 s
Level 1 CPU Cache Access | 0.9 ns | 3 s
Level 2 CPU Cache Access | 2.8 ns | 9 s
Level 3 CPU Cache Access | 12.9 ns | 43 s
Main memory access (DRAM from CPU) | 120 ns | 6 min
Solid-state disk IO (flash memory) | 50-150 us | 2 - 6 days
Rotational disk IO | 1 - 10 ms | 1 - 12 months
Internet: San Francisco to New York | 40 ms | 4 years
Internet: San Francisco to UK | 80 ms | 8 years
Internet: San Francisco to Australia | 183 ms | 19 years
TCP packet retransmit | 1 - 3 s | 105-317 years
OS virtualisation system reboot | 4 s | 423 years
SCSI command time-out | 30 s | 3 millennia
Hardware virtualisation system reboot | 40 s | 4 millennia
Physical system reboot | 5 m | 32 millennia


u/kerosina · 2 pointsr/sysadmin

Also don't you want to advance in the field of computer forensics? Here's a book that gives you some understanding of what you will be dealing with, sounds like good application for your computer skills:

And a presentation based on this book to see what it's like:

u/nabbit · 2 pointsr/EDC

Few books for you to consider - I got these for my course and are hugely useful. I've also included the Encase book as I know our forensics guys go back to it all the time:

Computer forensics using open source tools

The essential Brian Carrier - file system forensics

Real Digital Forensics

Encase training book

Digital Forensics Investigation

Forensic Discovery

u/technogal · 2 pointsr/computerforensics

I highly suggest this book:

While it's been out a bit, as far as I know, it still stands as the definitive source for NTFS file systems.

I went to X-Ways training last year in New York. Take good notes. I mean really good notes. X-Ways is very different than Encase or FTK. You need to understand how file systems work. It is NOT a push button tool. However, you will get way more information for your cases by using X-Ways; it's a great tool.

Are you doing regular forensic case work? If not, consider purchasing Brett Shaver's course: and book: They will be invaluable resources while you learn.

Good luck and have fun!

u/eagle2120 · 2 pointsr/ITCareerQuestions

There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas with out ever really touching the other ones. But I think these are the most important skills as a defender, so I’ll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills, I’ve setup the courses in order, as some of these skills may feed into other areas.


u/HelveticaScenario · 2 pointsr/programming

IIRC, if there are multiple equally specific best matches you'll get a compiler error, and will have to disambiguate by making the call as you would with a normal static method. There are potentially issues if you recompile your code and the libraries you use have since added better-matching but functionaly incompatible extension methods, but I don't think there's any real solution to this, and it's unlikely to be a problem with well-designed libraries.

You're certainly correct that extension methods should be defined very carefully and sparingly. The ever-valuable Framework Design Guidelines has a number of recommendations, the first of which is to avoid "frivolously" defining extension methods.

A good IDE such as Visual Studio can tell you that Select is an extension method, which does help to some extent. Also, I suspect the vast majority of uses of extension mathods are through implementations of the LINQ patterns, in which case it's pretty clear from the usage.

Although extension methods can be used to extend existing sealed classes or as cute helpers, or for adding "instance" methods to interfaces, their primary use is for LINQ. It's fascinating how several C# 3.0 & 2.0 features that are individually quite interesting - extension methods, lambdas, type inferencing, iterators, generics, object initializers - combine with the LINQ-to-objects library to form something that's greater than the sum of the parts.

And that's not even getting into fascinating things like expression trees, the AsParallel() extension method, LINQ-to-SQL, the Rx framework...

u/michaelquinlan · 2 pointsr/programming

There is probably a better way, but one way is to look towards the upper right of the page on where it has a link labeled 'Share'. Clicking this brings up a page with a Permalink label. Copy and paste this value. You don't need to actually send the email (click click close on the upper right). The Permalink for Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries (2nd Edition) seems to be

The post you are replying to has been deleted so I don't know if this would address their objection or not.

u/mariox19 · 2 pointsr/education

I think the more pressing question is: What does this mean for 21st century brains?

u/Meganne8 · 2 pointsr/AskReddit

Yes and it promotes shallow thinking. Check out "The Shallows". It's about What the Internet Is Doing to Our Brains.

u/selv · 2 pointsr/networking

The book DNS and Bind is a good resource.

u/gawdnfreeman · 2 pointsr/sysadmin

Three esxi servers, each with more than one NIC, and one separate vcenter server is a great starting point. This allows you to tune DRS, HA, and even fault tolerance. Once you get that down, you'll want to be able to tune VMs properly to run most effectively in a virtual environment.

I enjoyed reading these books, though some are "dated" now, the contents are still very relevant. They won't get you anywhere in particular by themselves, but when you combine them with the self-teaching nature of sysadmins I've previously described, these will generously add to your toolset.

HA and DRS deepdive
Sed & Awk

Mastering Regular Expressions. I use often.

Pro Puppet

Anything by Bruce Schneier is usually worth your time.

Though I no longer administer a large number of Windows machines, I am a huge fan of Mark Minasi. The Server 2003 book was super helpful in building and maintaining Windows Domains.

I have an old edition of the DNS and Bind book kicking around somewhere.

Understanding the Linux Kernel has largely been useful to me when doing anything "close to the kernel". Not a good beginner's book.

I've never used an apache book, but I enjoyed the Varnish book. This definitely helped me.

Of course, these books don't cover everything, and those listed are relevant to my interests so your mileage may vary. You'll never go wrong teaching yourself new skills though!

EDIT: I forgot about the latest book I've read. I used tmux for a little over a year before purchasing a book on it, and it has improved my use of the program.

u/mrskitch · 2 pointsr/javascript

JavaScript is no longer considered a "toy language" and is become much more relevant and demanded due to server platforms that run it (node.js being the biggie).

You should really familiarize yourself with what's happening in the JS scene. To start, take a look at:

  • Bower
  • Grunt
  • Nodejs obviously

    If you're gearing towards UI:

  • Angular
  • Backbone
  • Ember

    Also, read:

  • Eloquent JavaScript
  • The Good Parts
  • Functional JavaScript

    I was never a Java developer, but was a PHP developer back in the day. Things like NPM and Node (for building, or writing back-ends) have made my life a hell of a lot easier and less "hackier". You can primarily concern yourself with just integration/work code instead of busy stuff, like copying crap over or adding another lib to your VCS system. Just add it as a dependency and you're off and going.

    That being said, JavaScript is really hard to get good at. There is no "standard" way of doing anything, and everything has it's benefits and drawbacks. You need to know which is better and why, and when to break the rules. It's quirks can be tool for powerful code, but you need to know why it is that way.

    If you think I'm joking, take a look at this rant.
u/lainproliant · 2 pointsr/Python

I had a great deal of luck with the book "Javascript: The Good Parts". It's a quick read and is aimed at people who are not new to programming.

O'Reilly Publishing:


u/dhcole · 2 pointsr/IAmA

There are lots of ebooks and free websites, but mostly it's just practice. Once I got to a moderate level, I found this book to be very helpful:

u/nawitus · 2 pointsr/Libertarian

Yes, PHP-like language would be worse. Most critique of JavaScript is stated without knowing the language much. I recommend reading this.

u/jesstelford · 2 pointsr/dogecoin

Javascript has it's bad parts. But, once you look past those and see The Good Parts...

u/rooktakesqueen · 2 pointsr/programming

Are you a beginner to programming, or have you been programming for a while in other languages and are just getting started with JS?

If you're a beginner to programming altogether, this is a good resource, but I'd also recommend some dead-tree books. I've heard good things about Javascript: The Good Parts, though I've never read it myself.

Edit: One thing to be careful of when you're just getting started, by the way: try not to focus too much on any single language and its features. You want a good solid base of fundamentals, you don't want to hyper-specialize from the start. Don't just learn Javascript, for example. Try Java and Clojure and C and Haskell too, and any other language you can get your hands on. They all have their own idioms and lend to certain styles of problem solving, it's good to be able to figure out which one is best for the task you're facing.

If you've done some coding before, and are branching out into JS as a new language, there's no better way than reading about it and then trying it out on your own. JSFiddle is a great resource for just playing around. You could try implementing solutions to Project Euler puzzles in JS. Or you could pick a pet project you want to work on that has some client-side behavior and implement it in HTML5/JS. Or server-side behavior and do it in node.js. Or you can find an open-source project using JS that you're interested in, and get involved there.

Edit: Also, Stack Overflow has dozens of JS-related questions answered every hour. Sometimes those answers come attached to a lot of useful information. Try browsing there, and if you have questions, ask them. It's a great resource.

u/Neres28 · 2 pointsr/learnprogramming

He can be a little ranty, but I like JavaScript: The Good Parts

I warn you that JS isn't a "real" OO language though there are a number of fairly good libraries that attempt to make it more so, Prototype coming to mind. Have a look at Douglas Crockford's module pattern as a more JS-ee way of doing it.

u/drgath · 2 pointsr/webdev

If you want to stand out, learn how to program JavaScript without the use of jQuery. Learn about cross-browser DOM scripting, browser performance, security, and JS fundamentals (prototypes, closures, etc...). Some good books to get started are Pro JavaScript Techniques and JavaScript: The Good Parts

u/YuleTideCamel · 2 pointsr/learnprogramming

Honestly I don't think there is a need for this since there are a few excellent javascript books. But they are hide to find among the many many crappy books out there.

JavaScript: The Good Parts is pretty much the most important Javascript out there. It basically shows all the quirks of the language and gives tips on what to avoid and best practices.

JavaScript Patterns continues and goes into more depth and covers more advanced usage.

High Performance JavaScript goes into great depths on how you can make your js code more efficient and fast.

u/creegs · 2 pointsr/cscareerquestions

There's good advice here. Did you master JavaScript on the way to CoffeeScript? If not, pick up Crockford's Javascript: The Good Parts - actually, either way, read that book if you haven't already.

If you know JS well, you should do a couple of side-projects in Meteor. It's an interesting framework that embraces "Reactive Programming".

Here's a few other things:

  • Node.JS
  • MongoDB
  • Redis
  • Memcache
  • Ruby (if you like CoffeeScript, this shouldn't be a massive leap)
  • jQuery/Backbone or Angular/SASS/Susy/Yeoman (if you want to do front-end stuff)

    Good luck!
u/SofaAssassin · 2 pointsr/cscareerquestions

If you're just getting into CS and programming at all, and you're interested in Javascript, I'd recommend learning Javascript itself first, before you decide to start using libraries and frameworks that may do a lot of special stuff and magic that will abstract away parts of the language from you. There are plenty of resources like Mozilla's tutorial and the relatively short Javascript: The Good Parts that you can learn from. Do CS-related exercises with what you learn. You can go to sites like Coursera/edX and do intro CS material and do the assignments/problems in the curricula, or do things like Project Euler or things from /r/dailyprogrammer.

After that I'd start looking at more of the stuff out there, like Node.js or React or Ember or whatever. I'm rather partial to React.js and RActive myself for front-end rendering, but I'd encourage you to read and experiment with many of the things out there, since each thing brings something different to the table.


Now for your question specifically...

I'm not much of a front-end person or Javascript developer, so I'm probably not the best person to ask. I last used jquery about 5 years ago, and at one point I also worked in the same company with some of the people who wrote You Might Not Need jquery. These days, I'd say to skip jquery for various reasons:

  • Modern browsers are just much better and if you don't have to support old browsers (I'm talking IE8 or older), jquery is probably unnecessary.
  • There are replacements for certain parts of jquery functionality, depending on what that functionality is
  • ES5/ES6 (through babeljs) can replace some of the functionality that jquery handled
  • React.js and more full-fledged frameworks exist - React.js and frameworks like Ember.js or AngularJS, which have components that manipulate the DOM, have become very popular and are basically jquery replacements.

u/iDontDoMeth · 2 pointsr/learnprogramming

Jon Duckett, who wrote the HTML & CSS book you bought (which is the best in my opinion) also just released his JavaScript book, which I am excited to read. Once you get a grasp on it, I would read JavaScript The Good Parts, by Douglas Crockford, who works for ECMA and helped write the language.

u/whobutsb · 2 pointsr/javascript

Get your hands on Douglas Crockford's book "Javascript the Good Parts" (
That will help you get started with the language.

Here is a talk he did at Google:

If your looking for some neat boundary pushing javascript check out the site:

u/Gropamming · 2 pointsr/learnprogramming

Sorry for getting back to this so late, it's been a long week.

  1. You will need a good understanding of HTML/CSS, mostly how to manipulate and traverse the DOM tree. Luckily, this is very simple and straightforward once you figure out how the pieces fit together. On top of that, Javascript does a great job of hiding the need to actually write HTML or CSS markup, though you should still understand how it works. The better you understand the pieces of the puzzle, the more interesting and creative graphics and visualizations you can create!

  2. The graphics are very easy to show off, seeing as they live on the web :) There are a ton of ways to host graphics, either on your own website, or on one of the many free online platforms like Github and CodePen.

  3. As far as preserving interaction outside of the web, I do not have any knowledge of how to do that with Javascript (not to say that it doesn't exist).

  4. As far as resources, I highly recommend reading Javascript: The Good Parts to understand how the language is put together, why it was put together that way, and how to take advantage of its unique style. It is a pretty short read. As far as learning visualizations, I learned most of my fundamentals from taking courses on Lynda, and then used good old Stack Overflow to figure out how to create the specific things I wanted to do in my visualizations. Other good sources for video tutorials are Pluralsight and sometimes Youtube.

  5. YES! That is the beautiful part of creating visualizations on the web, you can power them with any web technology. Most of my visualizations retrieve data from some web API and use that to build graphics or show an interactive dashboard, meaning they look different every time I load them up. This gives you a ton of freedom and flexibility to create graphics that are both pretty AND useful. It's very common to hook them up to databases to query and display data.

  6. As far as IDE's, I absolutely love Visual Studio Code if you have a Mac. It is VERY different from regular Visual Studio and has some great features like a built in terminal window, built in git support, a very lightweight directory structure, and a good community for 3rd party add-ons. It was built with Javascript in mind but I now use it for C++ and Python as well. If you run a windows, I use Sublime Text 2 which has many of the same features. If you want something with a bit more out of the box, Atom is a good IDE that lets you view your site as you build it and also deploys a small web server which is useful if you are not running your own.
u/porlov · 2 pointsr/javascript

> But co-writing with a book takes up a lot more time than co-writing with video.

If by co-writing you mean writing the examples from the book/video and making them work, well I never do that. I always read technical programming books as fiction and never try the examples. Sometimes I just return to particular parts in the books for reference, but that's it. For the practical part I do my own things. I don't have time to retype the examples from the books, my life is too short. I got plenty of needs that imply writing software to solve my own personal practical problems. If I think about it long enough, I always come up with some really small project that's (at least theoretically) possible to be made by an almost complete language newbie.

I don't know how useful my personal experience would prove to you, but here you go. My JavaScript journey started when I was living in a cave with no internet access and a very old computer with such a small amount of RAM that it could only run Opera. I found three books about JS on some old CD and picked the basics from them. Having a bit of prior programming experience helped, but I wouldn't overestimate that influence.

Here are the books:

I found the first one most interesting and useful, the last one was good to use as reference and replacement for the lacking access to online searches.

As you can see, all of them are quite old (and maybe outdated already, since the JS ecosystem moves ahead so fast).

I'm pretty sure there are tons of newer books nowadays.

Very recently I was suggested to have a look at but I didn't manage to get some time to have a closer look at it, so I can't comment on the content there.


u/oilshell · 2 pointsr/ProgrammingLanguages

Have you looked at the dialect defined in JavaScript: The Good Parts?

This book is old now, but if you want minimality, it's still good! He defines a subset of JavaScript, and I believe he writes a complete front end in this subset.

I guess you are not trying to be compatible with JS. But I would love to see someone implement a compatible subset. That is, all the "insane" behavior throws errors instead of silently continuing execution.

u/eibjj · 2 pointsr/web_design

It's hard to say how marketable your JavaScript is. Have you done anything with it? Could you solve simple algorithmic problems using JavaScript?

I would first have a look at the Underscore library. It has all kinds of goodies, and lots of other libraries either depend on it, or borrow from it. Here is a link to the annotated source code:

Require.js is another important one:

If you want to contrast various JavaScript MV* frameworks (like Backbone), have a look at TodoMVC:

The annotated source code for Backbone can be found here:

You need to read this: JavaScript: The Good Parts

In fact, anything by the author Douglas Crockford is worth reading/watching IMO: Crockford on JavaScript,

u/jjnguy · 2 pointsr/learnjavascript

I'm not a big learn by book person, but this book really helped me understand JavaScript.

u/8wardialer5 · 2 pointsr/node

Not focused on Node.js, but the following helped me a lot:

u/gin_and_toxic · 2 pointsr/webdev

Some highly recommended books:

u/Dencho · 2 pointsr/javascript
u/w_t · 2 pointsr/gis

For JS in general, I like JavaScript the Good Parts

And you have tons of options depending on what web mapping framework you go might want to check out Leaflet. The API docs are pretty good, but here's a book:
Leaflet.js Essentials

I really like the Manning books,
There's books on a variety of topics, including PostGIS, MongoDB, Node, and D3 for visualization stuff.

u/vanderZwan · 2 pointsr/programming
u/ngly · 2 pointsr/web_design

JavaScript books I'd recommend:

JS Good Parts. Short read but interesting and important concepts covered.

Professional JavaScript for Web Developers. Covers every detail of JavaScript in web development. Huge book with about 900 pages of information. This covers all the technical details from syntax to core concepts.

I haven't read the one you linked, but have seen it around. It's probably good.

u/owale2 · 2 pointsr/brisbane

Get this book and read it to get a decent understanding of JavaScript:

It's probably the best out there... It's rather small for a book on a programming language, but you'll learn all the bits you need to know.

u/ryanplant-au · 2 pointsr/learnprogramming
u/ABrownApple · 2 pointsr/learnjavascript

Have not read but heard others recomend:

I personally like:
Because it covers a lot in very few pages.

u/zzgzzpop · 2 pointsr/javascript

If you're picking up JavaScript as a first language, it might be a bit difficult. It's used so often for the web that you'll most likely be required to learn at least some HTML and CSS as well. But, if you're not discouraged by this there's a lot of resources out there.

The one stop shop that'll give you everything is MDN ( Which has pretty much everything you'll need about JavaScript (

If you don't know anything about HTML or CSS you might want to at least go through the introductions before jumping over to JavaScript:

As for programs to use, to start, all you really need is a text editor (I recommend and a browser. If you're using Chrome press F12 and that should bring up the developer console and type:

console.log("It is " + Date());

Congrats you just wrote JavaScript.

Once you feel more comfortable you'll definitely want to pick up JavaScript: The Good Parts (

u/Tdawgy69 · 2 pointsr/learnprogramming

JavaScript the good parts by Douglas Crockford

u/noprompt · 2 pointsr/javascript

In addition to the others mentioned, these are also well worth your time:

Eloquent JavaScript

JavaScrip: The Good Parts (This one is essential)

As far as functional programming goes, google "functional programming in javascript." There are several articles on the subject and you'll learn some very useful and interesting techniques. Using a functional style in JavaScript can be extremely rewarding and not to mention a lot of fun!

u/yoqu · 2 pointsr/javascript

>At first I searched for a good guide for an average programmer, I found the [1] MDN JS Guide which is good, but I think not very good: At first I wasn't sure what is part of the language itself and what is only available at the HTML-DOM (they use a lot alert-dialogs - JS hasn't a Standard Library like Python or Java, has it?).

They use a lot of alert because it's the easiest possibility to show something for starters, you can however of course use console.log, console.warn and error. For the HTML DOM thing, well c'mon - at least try that examples in your console, will you? Just press [F12] or google for how to open the JS console for your browser.

>Is there a "JS Bible"? I know there is the tutorial for python ([2] click me) and as well there is the book/bible/reference for C (from dennis ritchie) and C++ (from Stroustrup). Does something like that exists for JS?

JavaScript: The Good Parts by Douglas Crockford

>Second Question: For my purposes, it is worth to use a Framework like jQuery? I'm using it right now, but I think it's not a big deal to code everything without using an 3rd-party framework.

I like to be able to swim, before I learn to drive a boat - and you? :)
Anyways, that depends - if you do this for clients, use jQuery, it's tested, on multiple browser, sure it has bugs, and plug ins should be reviewed by you before being used. jQuery helps to code less though, and has plenty of beginner questions already answered - just use it.

> Last Question: Atm I'm using Django as webframework and i'm very happy with it. But it looks like Node.js got lots of attention in the last couple of month, is mature enough to use it for real world problems?

It's "mature" enough yeah, but use what you need - not what is all the rage right now.

u/m4tchb0x · 2 pointsr/javascript
u/SoftwareEngineur · 2 pointsr/javascript

You're probably going to get a myriad of reactions to this question, but usually the consensus is usually JavaScript: The Good Parts

u/Neurotrace · 2 pointsr/readablecode

Regardless of if the code is contrived, it's still a possibility. I wasn't saying that I couldn't figure out if it was an if statement or an assignment. I was saying that I can more quickly parse one over the other if you end all of your statements with a semicolon.

I said I don't agree with much of his stuff but Crockford has written entire books on JavaScript so disagreeing with much of it still leaves a whole lot to be taken in to account. As I'm sure you've heard from others, I would highly suggest reading The Good Parts to see what he's all about. Perhaps saying "much" was a bit strong. Really I only disagree with his idea of placing all of your variables at the top of a given scope.

How can you say that code statements don't flow one after the other like sentences? The very notion of programming is that steps are executed "programatically" i.e. one after the other (we could argue about asynchronous code but the reality is that async code just adds a level of variability in the line of execution).

I find semicolon-free code less readable because, again, the moment I see a semicolon my brain automatically says "that's the end of the statement." For example: I might write some jQuery like this

$('#really-cool-thing').css('color', '#FFF')
.css('background-color', '#000')
.attr('value', 'Awesome');

Because I always end with a semicolon I automatically know that this is a chain and I don't even have to look at the beginning of the line to check if we're acting on a new object. Without semicolons, I have to scan back to the beginning of the line, check to make sure there's only a period, then continue to read. It adds more time and forces me to load just the tiniest bit more complexity into my head. Why should I "allocate" some of my mental memory to checking for where semicolons are going to be inserted when I can just insert them myself and never even think about it?

Most C based languages (i.e. most programming languages are semicolon terminated or, in the very least, semicolon separated. So if you program in any of these regularly then typing them in becomes second nature. I literally don't even notice when I type a semicolon anymore.

If you have a background in languages like Python then I can see the anti-semicolon sentiment because while Python allows semicolons, it isn't considered "pythonic." Likewise, I would make the argument that although semicolons can be left out in JavaScript, it isn't considered "JavaScriptic" to do so.

Do whatever suits you best but I don't understand the idea of having to keep track of more things, no matter how small, in your head rather than covering your ass. In the case of the bootstrap code that I linked you to, it can also cause issues in minification if you don't use a minifier that puts in your semicolons for you. Finally, it does make your application a little bit slower because the parser has to read in the line break, attempt to read in the next statement, determine if it can be considered part of the previous statement, and if not rewind back and shove a semicolon in. But if you place it in explicitly then the interpreter reads it, automatically understands the statement has ended, and goes about its business.

u/OrneryFellow · 2 pointsr/javascript

I started out with going through the book Javascript: The Good Parts. It's fairly straight to the point and goes over the parts of Javascript that differs from other classical OOP languages pretty well. As the book title suggests, it doesn't go over everything in Javascript, but only the practical parts. Great short read.

u/tangentsoft · 2 pointsr/programming

Although Lua does allow you to implement an OOP system yourself, that just leads to The Lisp Curse. Humans being humans, everyone will build their OOP system differently, so an expert in one augmented Lua dialect moving to another project with its own dialect loses their expertise.

A language with a mediocre OO system which is fixed in stone by the language definition is better than one flexible enough to let you define any OO system you like, from a training and community expertise standpoint.

You see echoes of this in Perl and JavaScript, too.

Like Lua, Perl also had an OO sidecar bolted onto it after it became popular. Because there is no one single way to do things, you get classic Perl OO users vs. the Moose people vs. those that go totally their own way, doing weird shit like blessing arrays.

In JavaScript, it's both better and worse than Lua or Perl. JavaScript can at least claim, with a straight face, that it is OO to the core. The problem is, that core has two different ways of manifesting: pure prototypal extensions of Object and such vs. the C++ inspired paintjob on top, all that business with new and constructors. The Scheme/Lisp-inspired flexibility of JavaScript lets you bring The Lisp Curse down on yourself again, because there's nothing telling you how you must implement your constructors or factory methods. In Douglas Crockford's lovely book on how to program in JavaScript with style and panache, there are three or four different ways to build up objects. Add to that the one your JS framework of choice probably gives you. Then of course you know best, so you ignore that and define a sixth style for your project. It becomes a tarpit.

I'm no hater of any of these languages. I happily use them all. It's important to realize, however, that there's something to be said for languages that nail things like OO down in the language definition.

u/nwilliams36 · 2 pointsr/learnprogramming

Javascript: The Good Parts

There are also quite a number of his presentations to conferences on Youtube. He is currently employed by Paypal and is writting a version of the web which is designed to be secure. He is calling it the Seif Project.

u/ducksauce · 2 pointsr/programming

That book is terrible. If you really want to learn javascript (versus completing mandatory coursework), check out this one:

The author has a great site, too:

u/jimbolla · 2 pointsr/pittsburgh

Logic/match shouldn't really be an issue. To me, the main parts of JS are interacting with the page/DOM and keeping your code clean and organized. A couple of resources to look into:

  • JavaScript: The Good Parts for general JS good practices.
  • jQuery to handle simplifying many JS tasks and abstracting away some browser incompatibilities.

    I don't know where I'd start with teaching someone to code but if you had code that needed reviewing, I could probably help with that.
u/Selesthiel · 2 pointsr/node

I can't possibly recommend Douglas Crockford's Javascript: The Good Parts enough. It's a quick read; I read through it in an afternoon. I've been doing professional node development for three years now, and I still reference The Good Parts.

Similar to what /u/AlexanderC89 said, there are high-level architectural and pattern differences between javascript and PHP. The key concepts, off the top of my head, that are most important to understand are:

  • Prototypal (js) vs Classical (php, c/c++) inheritance
  • Functions as first-class objects (and lambda functions)
  • Asynchronous/event-driven I/O model
  • Block scope (php, c) vs Function scope (and closures)
  • Variable hoisting
  • "==" vs. "===" and "falsy" values

    You can probably find good descriptions of all of these somewhere on the web, but I'd just as soon recommend reading The Good Parts. I'm not affiliated with Crockford or anything at all like that, quite simply just that The Good Parts is really that helpful.

    Honestly, I wouldn't sweat promises until you have a strong grasp of the callback model. They're important and very useful, no doubt. Its just that I've tried to introduce promises to a few colleagues whose understanding of the async callback model wasn't the strongest, and it really tripped them up. Once the callback model clicked for them, promises were a snap to pick up. YMMV.

    I can throw together some quick examples and descriptions for you, if you find that sort of thing helpful.

    (edit: formatting)
u/ChamplainBridgeTroll · 2 pointsr/montreal
u/CronkDocker · 2 pointsr/vmware

Ahh I see that you are not familiar with Google, please see reference to an amazing book that can assist you with your troubles.

u/Neurobug · 2 pointsr/DerekSmart

Beaten? I've literally been laughing at you. Lol. Good job, guess someone should tell CIG they are broke then! Lol. It obviously takes a genius to understand that a company keeps selling their product to not go out of business. Quick, tell Amazon!

And sorry thought you MIGHT have two brain cells to do a search. Guess I was wrong! Here ya go!

Still waiting on your successful crowd funding campaign. Just gonna ignore that huh? Derek was wrong about names, about FTC investigations, about lawsuits, about studios closing, about CIG being out of money, about 2.0 being impossible, about 2.63 being shown at gamescom, about Ali B being fired, about Tony Z leaving CIG, about mass walkouts, about money laundering, about Amazon buying CIG, about the engine switch ( he doesn't even understand what a fucking game engine is) about his own fucking games ever launching. He was caught red-handed taking made up bullshit from "Steve" and IMMEDIATELY tweeting it, and then tried to play it off like he actually knew all along. So, is it worse to be wrong, or just pretend to be wrong and still be wrong? lol You taking anything he says seriously is just sad. And anyone who believes him after he's been proven such a liar and moron, must equally be as idiotic. But sure, lets beleive him, thats why CIG is out of money and not making the game....except they are. So...your "facts" or reality? pick one? Obviously it isn't the latter. So, I repeat, fuck off troll lol. You aren't "winning" you're just making yourself look stupider with each post.

u/TheHelgeSverre · 2 pointsr/PHP

If you want a very comprehensive (althought maybe a bit dry) resource on web app security, I recommend The Web Application Hackers Handbook, it covers most of the web security stuff like remote file inclusion, sql injection, csrf xss etc etc.

u/CodeThree · 2 pointsr/HowToHack

OWASP Testing Guide

Also check out the Web App Hackers Handbook. This is an extremely handy book to reference to during tests. It would be a good starting point for you to check out.

u/PM_ME_YOUR_0-DAYS · 2 pointsr/AskNetsec

> Ps; anyone know of a good recommendation on how to start on web apps on the labs. Looking for a good book or resource.

The OSCP web app portion is good, but if you're like me you might benefit from some supplemental materials. Not necessarily specific to the course, but I found these resources really helpful for working on my web app skills

u/MikeCodesThings · 2 pointsr/AskNetsec

Some great resources are The Web Application Hackers Handbook. It's a long read but very in-depth. Link

If you want to practice as you read look into Damn Vulnerable Web App (DVWA) [Link] (, Pentester Lab challenges [Link] (, bWapp. Learn how to use tools like Burp, ZAP, sqlmap, and BEEF (among others).

I've also heard that Security Tube has a lot of great videos but I haven't checked it out personally yet.

As for fundamental knowledge, you'll need to understand how the web and web applications work. Things like HTTP/HTTPS, HTTP methods, forms, Javscript, sessions, cookies, databases. Also about application input, application frameworks, application firewalls. If you don't have any programming experience, you should start learning some fundamentals to understand application logic and structure. This can help you think of assumptions that developers made and how you might be able to bypass or work around those assumptions to do things that weren't intended or anticipated.

u/pixel1 · 2 pointsr/IWantToLearn

I don't know if you're specifically interested in learning about the security and security flaws of web apps specifically, but I would definitely recommend The Web Application Hacker's Handbook as it's an amazingly thorough guide on vulnerabilities.

Typically you start testing sites by using a security toolkit underneath your browser, such as Burp Suite. I don't do much of this stuff myself so hopefully this'll get you started.

Also /r/howtohack might be helpful, along with this thread to find some good hacking practice (DONT hack sites you don't have permission for)

Good luck!

u/ITestPenetration · 2 pointsr/security

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman is similar to the OSCP syllabus and a good introduction.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2E is the web application hacking bible.

Don't take any shortcuts, if you don't understand any topics read around them and make sure you do - that is usually a good start.

u/science830 · 2 pointsr/learnprogramming

When i was in the process of applying for Matasano Security, they had me read this book and said it covered web security (fit application security is your thing):

u/kira156 · 2 pointsr/AskNetsec

The web application hacker's handbook is an excellent book for web applications pentesting.

u/TailSpinBowler · 2 pointsr/netsecstudents

What kind of coding, and what are you interested in regarding security exactly? I would brush up on some python personally.

If you are inclined to read, I think the following are essential.

u/ladywanking · 2 pointsr/cscareerquestions

Just do your degree and start exploring ethical hacking, get involved with community.

Personally, I think great ethical hacker needs great understanding of networking, assembly, and OS, all of which you can learn in UofT.
These 3 topics are critical, you actually need to understand how to find vulnerabilities to be great in cybersec.

Also, start attending

This book has been recommended to me as a high level introduction:

Also, install cali linux and get some introductory level book on it.

Source: worked for a cyber sec in one of the Big4, worked with ethical hackers, and helped them with security scanning.

u/mhurron · 2 pointsr/AskNetsec

I've had this bookmarked forever (Probably linked to from here)

I have no comments on the quality of the information, it's been on the master to-do list for damn near ever.

If you want to spend some money there is also

(again, it's been mentioned here, and again, can't say anything about it personally, master to-do list)

u/CaptainIncredible · 2 pointsr/ADHD_Programmers

>I timed myself and it took me an hour and a half to finish one section of a chapter to understand it and highlight the important stuff (haven’t even gotten around the notes)

Typically when I read a long, boring, dry text I highlight the shit out of it and take notes. I try not to just read it with words going in one ear and out the other - I'll take it a chunk at a time, sift through the horse shit, and extract the point it is trying to make.

Then I put it in my notes. (I use OneNote a lot. Its free and it allows me to get creative with notes with colors and arranging text and diagrams, etc.)

I sort of got the idea from the "Head First" series of books.

Take a look at this and click "see inside".

The information in the book is in chunks sort of "splattered" on the page. Important concepts are large and colorful - smaller supporting concepts surround the important ones.

Structuring books like this works well for me.

I believe that organizing concepts in text in one long string of black and white letters and words is not always the best way for humans to understand and retain information. Its what were used to seeing, its been around for centuries, but with the flexible publishing tools we have today, I argue better approaches are possible.

u/hamptonio · 2 pointsr/webdev

You might consider one of the "Head First" books. Some of them are a little out of date; they have a very distinctive style that you may really like or really hate. I think the style could be useful if you are dipping in and out of reading at work. Two examples:

u/oliverlikes · 2 pointsr/Bitcoin

more technical book

more general book for everyone

also AA on J. Rogan podcast, very casual conversation for public + many more of course, I'm just AA fanboy

u/gELSK · 2 pointsr/TheRedPill

// , If you're in the mood for a more practical, very recently tested "RedPill" perspective on finance, I recommend The Internet of Money, by Andreas Antonopoulos:

u/btc_is_gold · 2 pointsr/Bitcoin

I think Andreas Antonopoulos: Internet of Money.

I think that "Mastering Bitcoin" by Andreas Antonopoulos is too difficult for "regular people". But Andreas give it for free at So you can check it out and you'll see.

u/slepyhed · 2 pointsr/Bitcoin

You're not too late. Check out this podcast episode for reasons why:

As far as what Bitcoin is, I recommend reading three books: The Internet of Money (Volumes 1 and 2) and The Bitcoin Standard.

Alternatively, watch all the videos you can find from the authors of these books, Andreas Antonopoulos and Saifedean Ammous.

u/1blackhand · 2 pointsr/EnigmaProject

"Andreas is a best-selling author, speaker, educator, and one of the world’s foremost bitcoin and open blockchain experts. In 2014, he wrote the one of the foundational books of the blockchain space, Mastering Bitcoin. He is also the author of The Internet of Money as well as his most recent book, Mastering Ethereum. He is widely respected in the blockchain space for not only his knowledge and ceaseless curiosity about decentralized technologies, but also for his extreme generosity in teaching others."

u/Foureyedguy · 2 pointsr/india

That's ancient. Get into the Internet of money

u/TheGift1973 · 2 pointsr/security

Mastering Bitcoin by Andreas M. Antonopoulos.

It isn't meant for the average Bitcoin enthusiast, but is more aimed at the technically minded/coders/cryptographically minded user. Many security researchers may well (IMO) have to deal with blockchain related security in the future, so having a decent knowledge of how Bitcoin (the tech) and bitcoin (the currency) works can only be advantageous as this field develops. Even if you don't think that your current role in security won't have to deal with this field, I would still advise you read the book as it is a fascinating read. There is also another version called The Internet of Money that is aimed at those who may not be so technically minded, but still have a genuine interest.

u/Cecinestpasunnomme · 2 pointsr/Bitcoin

Watch this playlist or, if you prefer to read paper books, this one has the same content.

u/pjfrank · 2 pointsr/BitcoinBeginners

Read Andreas Antonopoulos -

I got the audiobook so I treat it like a podcast. Really interesting the way he describes other game changing technologies in history (automobiles, mobile phones, etc) and the adoption of each. Most had significant challenges like crypto does today.

u/mattblack_crypto · 2 pointsr/ethereum

I just purchased the following books:

u/ladfrombrad · 2 pointsr/AskReddit

Just scanning all them reddit comments and eventually went to their site and it looks like they're trying to sell it through Barnes and Noble, Amazon and others from the 28th of next month.


What do you guys think?

u/jayeychess · 2 pointsr/netsec

stormehh has some good points.

I agree, and would argue that you are better off learning the fundamentals at this stage in your life. I understand your urge to get out there and explore different tools and techniques as fast as possible (trust me, I've been there myself), but take my word for it when I say that you will get more out of it when you understand the underlying concepts/technologies/protocols.

This might sound old fashioned, but read these books. It's a lot of material, but well worth the effort. You can get all three of them used for about $75:

"Computer Security: Art and Science" - Matt Bishop

"The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" - Charles M. Kozierok

"Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)" - Edward Skoudis & Tom Liston

Good luck to you, and follow the light side of the force.

u/ultrabowser · 2 pointsr/linux

I can recommend everyone to read this 1616 page book for a sweet and short introduction to TCP/IP.

u/roobixx · 2 pointsr/homelab

Sorry this has taken me so long to get too. Been busy.

First, understand that Kali is nothing mote than a collection of tools. Its those tools that you are actually wanting to learn.

KaliTutorials is one place you can start.

Also, there is an abundance of videos on YouTube and if you are serious about wanting to learn penetration testing/security makes sure you book mark Irongeek

Like I said earlier, by the time books are written, edited, and published, they can often be out of date.

If you do want to understand some of the basics, here are books you should look at:

Metasploit: The Penetration Tester's Guide



Basic Security Testing with Kali Linux 2 I havent read this one but I have heard good things

The Hacker Playbook

[The Hacker Playbook 2] (

Also a good list of resources can be found here:

u/pres82 · 2 pointsr/HowToHack

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your ip> LPORT=<port for listener> -f exe -e shinikata_ga_nai -i 9 -o <where you want it saved>

you can use --help-formats for other file formats other than exe. I recommend you do that to get experience.

alternatively, try using the web_delivery module in metasploit to generate lethal urls.

climbs upon soap box this is the problem with Armitage. Raphael is the nicest guy in the world, but putting that gui over the tools took the script out of script kiddie. you're not understanding what's going on under the hood, so you dunno, fundamentally why things are broken.

buy this and read it. you'll be miles ahead of where you are now and you'll see that armitage is only holding you back.

u/brew-balls · 2 pointsr/HowToHack

Buy and read this.

Metasploit: The Penetration Tester's Guide

u/Rikim4ru · 2 pointsr/sysadmin

I personally like nessus. However, since you call yourself a security novice, you might want to hire a specialized IT firm to make an (first?) audit for you. Backtrack and such are not the friendly tool you should use in a production environment plus, if you are not sure of what you are doing... your audit might end up completely useless and give you a false feeling of "security".

Get this book, and set up a home lab (WITHOUT INTERNET ACCESS!). You'll learn a lot, without endangering your JOB.

u/darthsabbath · 2 pointsr/cscareerquestions

Okay so there are a couple of good places to start with malware. The first is Malware Analyst's Cookbook. It is a pretty decent beginner level resource.

From there, Practical Malware Analysis is excellent and goes a lot deeper.

For free resources I've heard good things about Dr. Fu's Malware Analysis Tutorials.

You will need to have a strong understanding of reverse engineering. I like Practical Reverse Engineering or Reverse Engineering for Beginners. The latter is free.

With RE comes assembly. I learned from the free book PC Assembly Language. The RE books should have some info on assembly as well.

You should also know the systems programming API and OS internals for whatever OS you're interested in. This is most likely Windows, so I recommend Windows System Programming and Windows Internals. You can find similar books for Linux and macOS too. Having a good understanding of C and C++ is helpful for this. Also get comfortable using your assembly level debugger on your OS of choice. WinDBG, x64dbg, and OllyDBG are all good on Windows. GDB is pretty much the default on Linux, and LLDB on macOS.

I also highly recommend some scripting language, whether it's Python, Ruby, Powershell or whatever for hacking up your own tools.

Lastly, there is a list on GitHub with a ton of helpful links.

I think that's enough for now.

As far as demand it's hard to say and probably depends a lot on where you're from. It's certainly not like the demand for webdevs but there's also not nearly as many people with the skillset. I'm not a malware analyst myself, I'm more focused on security research and embedded development.

I know those skills are especially high in demand around the Washington, DC area with defense contractors and government agencies. Especially if you can get a security clearance. Most other security firms I know of are always looking for good people with strong reversing and OS internals knowledge.

Let me know if you have any questions and I will try to answer.

u/indigochill · 2 pointsr/HowToHack

Analyzing malware takes some learning, but fortunately there are books on this exact topic. For instance:

Cybrary also has a course on it:

u/emtuls · 2 pointsr/ReverseEngineering

Sure thing! I don't do a whole lot of Malware RE, but where I started was with the book:

u/specter800 · 2 pointsr/IAmA

Sec+ and a drive to grow and learn are pretty good. Network Security degrees are still in their infancy and I haven't interviewed anyone who has one that can differentiate themselves from people with certs. SANS certs like GCIH are nice but they're expensive as hell and probably not within the means of someone who can't leverage corporate education funding. Depending on what you want to do people can point you in the right direction. For example, if malware analysis/reverse-engineering are your thing, Practical Malware Analysis will give you a lot of knowledge that will help you. It's pretty overwhelming at first but just having touched on the concepts in the book will make you a more attractive hire.

u/PunkPen · 2 pointsr/CompTIA

Not a course, but a book. Practical Malware Analysis I have not read this book, yet, but it seems to be highly recommended in the field.

u/kimchi_station · 2 pointsr/netsecstudents

If you are looking for books, there are:

The Basics of Web Hacking by Mike Shema

Hacking Webapps by Mike Shema

and The Tangled Web by Michal Zalewski

Check around Udemy, edx, and all those other sites that offer free online courses. Also I know lots of schools, MIT included, put their full courses (lectures, assignments, syllabus, etc) online for anyone to access. Search around and work through the books. Find a good online community to go to if you ever have questions or need advice.

u/TacticalTurkeyBacon · 2 pointsr/security

Good news is that you've got the educational creds to have a solid foundation for a future career. Now it's time to build the background or at least skillset to prove that you're dedicated to the field. An internship is helpful but you're going to need a lot more than helpdesk. I'd focus on finding a small consulting firm or getting in with IT at a company but treading carefully to not take on a title that states 'help desk.'

Showing that you have raw talent is the most important. Demonstrating skills such as learning python or spinning up your own secure server in Softlayer, AWS, or another provider is a massive resume booster and it shows you mean business. I'm not saying that you should sink a bunch of cash, but figure out a small server that you can use, secure, and play around with it over a period of a few months. There's a wealth of information you can pull from just 'doing' without having direct work experience.

Help desk can be a trap, so avoid that and go the networking route or sys-admin path by learning Unix. Help desk seldom leads to better roles in that it's catered to keep you trapped in tier 1 - 2 IT hell. Take it from me as someone who learned quickly that it's a dead end if you want to progress your career.

Hope this comment helps. In an attempt to help you find some good resources I'll post a few below.

Start to Python

Secure AWS:

Helped me get my CCNA:
Read up on GNS3 LAB, it's not supported by Cisco so I wont officially endorse, however you can Google and learn about this on your own. - study before your test.

KB for general security. There's a lot out there but this is an easy start.

For learning application security, you'll need to know burp. I'd take a look at this link, and then see if you like what you're reading, do the right thing and go buy this from Amazon if you continue down this path.

If you learn BURP or Python, you should own this book:

u/DCoder1337 · 2 pointsr/webdev

After going through the OWASP materials already mentioned, read through Michal Zalewski's The Tangled Web.

u/konukoii · 2 pointsr/digitalnomad

Learn how to learn fast. Be curious.
I really like the No Starch Press books for when you are starting out. They have all sorts of books for hacking websites, android, cars, etc.
If you want a good simple intro to hacking (to get a feel for it) I would recommend: Penetration Testing: A Hands-On Introduction to Hacking

u/GimmeThaShekels · 2 pointsr/oscp

For your specific situation I would highly recommend purchasing Georgia Weidman's book and working through it with a new kali.
You will learn an inordinate amount simply from fixing the broken packages and commands. Aside from this the exercises are very similar to the lab material.


u/Cerkoryn · 2 pointsr/cscareerquestions

Your most important starting step is to make sure that you have the foundational knowledge, at least at a conceptual level. I'm a big fan of books, so I would recommend a few to you.

Pick ONE of these. Exam is not necessary, but recommended:
Mike Meyers CompTIA Network+ All-in-One Exam Guide
Todd Lammle's CCENT Study Guide - ICND1

Pick ONE of these. Pay attention to business terminology as well. Again, exam is not necessary, but recommended:
Mike Meyers CompTIA Security+ Certification - SY0-501
CompTIA Security+ All-in-One Exam Guide
Darril Gibson SSCP All-in-One Exam Guide

100% read this. It's the Bible of Python scripting. Second edition is brand spanking new too:
Automate the Boring Stuff with Python

This is a good all-around Penetration Testing book that teaches Linux too. You don't *have* to use Kali, Ubuntu is probably less intimidating to those new to Linux, but you will have to install your own software/packages. This is the only book on this list I haven't read, but I often see it recommended:
Penetration Testing: A Hands-on Introduction to Hacking

While you read these books, you should install some kind of Linux distro on a home computer and use it for practice. I would also recommend doing HackTheBox(first challenge is to hack the login page) and starting with the easy boxes. Do as much as you can on your own first, but if you get stuck, watch IppSec's YouTube walk-through for the box you are on. Might be a bit overwhelming until you get through most of the books on that list though.

You should also start looking towards either the eJPT/eCPPT, the OSCP, or GPEN at this point, as those are the best value certifications in this field and will hold a lot of weight at an interview. There's some stigma with certifications in IT/CS, but the ones I listed are all baseline knowledge and/or high value for those in this field. At the very least the knowledge will go far. But definitely avoid anything from EC-Council like the plague.

u/zkilling · 2 pointsr/blackhat

I really enjoyed Python Crash Coarse and Black hat Python for learning scripting

Also any ting from No Starch Press. They have some great books.

u/pbrand · 2 pointsr/Unity2D

Unity in Action by Joseph Hocking is a solid book for programmers who wish to learn unity. The /r/gamedev thread is here:

Unity has excellent official documentation from my experience, especially compared to Unreal.

u/seigneur101 · 2 pointsr/gamedev

Oh yes they are. The last one I had (the one that passed in April) was by far the best cat I've had.

I looked at all the engines available, and I decided I would use Unity. I used to do Java, but never did any C#, but when I started I'd read some C# scripts and they were basically the same as in Java, so I figured I could learn it.

I read one for Unity, and one for C#.

Here are the links to the books I've read (they're from because I'm a frog/canuck):

I've also changed jobs in October, a job in which I'll do programming. So I've read other books in the past few months pertaining to development in general, not just games. (Long story short: I've studied actuarial sciences, always have had a keen interest in IT, and I got hired at a consulting firm where they hire actuaries to do some of their IT development).

I tried to learn Gimp and Blender, but I can't seem to transform into an artist overnight lol :P

u/ApathyCorps · 2 pointsr/Android
u/Waitwhatwtf · 2 pointsr/programming

For iOS devices, you're going to want to start here, this will get you familiarized with the NeXtStep family of jive turkeys, followed up with a more formal introduction to Objective-C. I'll be honest, having some working knowledge of C will never hurt you, so after you're done with that, take a peek at K&R.

If you're aiming for Android, you have a bit of a different education outlook, I'd recommend brushing up with Head First Java. When I started poking around with Android, I read Hello, Android most of it should be still pretty relevant. I'm not entirely sure if it has been updated as of late, I outgrew it rather quickly, and if you do too; pretty much anything and everything by Mark Murphy is relevant. Best of luck!

u/americio · 2 pointsr/Android
u/cottonmouthbob · 1 pointr/linuxadmin

Systems Performance - Brendan Gregg

Knowledge of how Apache works, of how MySQL works, of what dhcp does on the wire: all this is good knowledge. But a more fundamental skill is troubleshooting. Troubleshooting is having an idea how something is supposed to work, tracing where it’s misbehaving and then fixing it. I suggest, for any admin, reinforce your ability to troubleshoot.

Performance tuning isn’t always necessary. On an over-provisioned system, you don’t care; just let it run and do its job. But where the study of performance tuning comes in handy is that it’s the systematic troubleshooting of systems. We measured something. Is this what we expect; why or why not? Are we really measuring what we think we’re measuring; how do we validate? What’s the system doing on the inside; how do we find out? What’s impeding this system from operating faster/better; why?

I advocate systems performance, because I think it reinforces troubleshooting. I advocate troubleshooting, because it’s the top-down, fix-my-need now, universal and adaptable approach. In this world of on-the-job training and with new technologies every six months, it’s how to approach new systems and new problems without having to start on page one of the manual every time.

u/timlepes · 1 pointr/linuxadmin

I few years ago my youngest brother got his first IT job, and he fell right into an admin role. He too is very sharp. I bought him the following books as a gift to get him started...

The Practice of System and Network Administration, SecondEdition - a few years old but has lots of fundamentals in there, still well worth reading. Hoping for a third edition someday.

Tom Limoncelli's Time Management for System Administrators

I see others have recommended this great book, and I wholehartedly agree: UNIX and Linux System Adminstration, 4th Edition. I was sad when Evi's ship was lost at sea last year. :-( You could tell she loved sailing old wooden ships... just look at the cover. A great loss; she did so much for our community.

Additionally, I will second or third anyone recommending works by Brendan Gregg. I got the Kindle version of Brendan's Systems Performance: Enterprise and the Cloud. I really like this book. It was written to be a good foundational book for the next several years. I am planning to get a hard copy version too. While you're at it, check out these links...

Brendan Gregg:

Tom Limoncelli:

Introduce him not only to books, but online resources and communities like /r/linuxadmin :-)


u/sammew · 1 pointr/computerforensics

> Understanding the types of attacks is a great start.

408 is pretty basic forensics. It is more bad leaver / criminal with a physical device forensics than IR. I would say if you have to read one book, it would be . It will give you a nice foundation for what will be talked about.

u/Goovscoov · 1 pointr/computerforensics

Do you have the image file itself?
If yes, open it in a tool like Active @ disk-editor.( This tool highlights disk information in colours and gives verbose information for you to easily understand what parts on the disk/image you're looking at. Great way to start off and learn things about filesystems. Also I highly recommend the File System Forensics book by Brian Carrier. (

u/blizz017 · 1 pointr/netsecstudents

You're going to have a real rough go at it;

That said; 508 is largely derived from the following two sources:

Brian Carrier's File System Forensics (This book is actually given out in the course)


The Art of Memory Forensics by MHL, Andrew Case, Jamie Levy, and AAron Walters

That'll get you ~75% the way there. But it's a lot of material to cover and retain without a reference source. I don't know if SANS has an official policy on what specifically you can take in with you during the test outside of your personal notes and their material.

Outside of those two books; get very familiar with The Sleuth Kit and timelining.

Honestly; this would be advice for someone taking the course just as much as it would be for someone not taking the course.

u/wataf · 1 pointr/csharp

Yep, I've googled class naming patterns more than a couple of times. I found this stackoverflow answer, looks like handler might work well in this case.

If you want to go overboard and waste a little corporate money, you could always get your manager to order this for you.

u/RagtimeWilly · 1 pointr/csharp

I'd recommend taking a look at Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries.

It's a pretty easy read and gives very comprehensive guidelines for designing libraries.

u/rapid_business · 1 pointr/AskReddit

Yup. Take a look at Nicolas Carr's book, 'The Shallows'. It speaks to this exact problem, and what it is doing to a generation that can only digest bite size bits of information.

u/Axana · 1 pointr/Foodforthought

There's an entire book about this.

Interesting read, too.

u/synthetase · 1 pointr/AskReddit

Ahem. Everyone is starting to have this problem. Read this. It's scary and enlightening.

This is the article that made me read the book.

u/Fading_Hope · 1 pointr/politics

>'It is probably down to the texting culture. The use of textonyms and so on. But it is also to do with the way young people read on screen. The digital age cuts back reading and, as a consequence, young people are losing the ability to think seriously. They get distracted more easily, breaking off to check an email. Speed-reading is exactly the wrong thing to do. You have to think about what you are reading.’ He gives me his sideways look. ‘You have to ponder.’

Basically the topic of Carr's new book The Shallows. Unfortunately I notice this behavior all the time now. Even reading this article once or twice my mind was wandering toward other tabs on my browser :P

u/subtextual · 1 pointr/IAmA

Good lord, if I could solve that problem, I'd be a billionaire, don't you think? :)

Sadly, while I have a pretty good idea why it is happening from a functional neuroanatomical perspective, I'm afraid that doesn't do me a lot of good... here I am at work on a Sunday, trying to catch up on some reports I am way behind on, and yet instead, I am once again on reddit!

Ah, the inescapable pull of the dopamine reinforcement provided by reddit's perfectly bited-sized, just-enough-information-to-make-my-brain happy links (and the orangered envelop, of course).

And on a related note, have you checked out Nick Carr's The Shallows?

u/Targren · 1 pointr/homelab

No offense, but if you're that unfamiliar with basics like DNS records, please don't try to run your own mailserver.

I'm not picking on you, honest. It's not a task for the green or the faint of heart, and the best case scenario is you end up in blocklists from now until doomsday before too much damage gets done.

I really can't recommend the ORA animal books strongly enough (I just ordered 2 more while getting these links.) The Cricket has all you need to know about DNS, even if you're not using BIND and Safe, though a few years old, is still an excellent resource, just not, perhaps, an exhaustive one.

u/stan_qaz · 1 pointr/pihole

If you want to run Bind to learn it I'd install it on another computer and point your pi-hole to it. That way if you break Bind you can tweak the pi-hole and get your DNS back working.

I run a pair of pi-holes pointed to a copy of Unbound on a different server that is then pointed at OpenDNS. I could use the Unbound as a resolver rather than a forwarder but I like some of the OpenDNS features.

Playing with Unbound a bit before jumping into Bind is a good idea, for Bind I'd suggest this 600 page book:

A 500 count bottle of aspirin and some ice for your forehead after you start banging it on your desk.

u/81300 · 1 pointr/networking

DNS can be confusing, I'd recommend 'DNS and BIND' by Cricket Liu for some light reading on DNS structure, records, and best practice implementation... I found it to be incredibly informative

u/admlshake · 1 pointr/PowerShell

Learn Powershell in a month of lunches
and DNS and BIND are two I always recommend to people looking to learn about the windows side of things.

u/IAmGalen · 1 pointr/sysadmin

> DNS is simple

On the surface, mayhaps. Dig a little bit deeper-- DNS and BIND - 642 pages

...and deeper-- Internet Systems Consortium DNS RFC - a collection of all 185 ISC recognized DNS related RFCs

u/microseconds · 1 pointr/networking

Cricket Liu's book is pretty much the definitive resource on DNS. It has been for years.

u/yooman · 1 pointr/AskComputerScience

Specific questions will be more helpful, but some general good places to start for javascript:

A Javascript Primer for Meteor -

This is my favorite introductory document on Javascript as a language, even though it's geared toward building apps with the Meteor framework it applies mostly to the language itself and is a good read even if you don't plan to use Meteor.

Javascript: The Good Parts by Douglas Crockford -

Very good and to-the-point book by one of the best JS experts out there.

u/dkbot · 1 pointr/webdev

I found that this book was great for improving my knowledge of JavaScript to really jump to the next level in my JS expertise:

I found that after a few years my JS knowledge was still quite limited and it took me reading this book to really understand how little I knew.

It's very easy to fall into the jQuery trap as you have highlighted as well. I use jQuery in my workplace as I have no choice, but I find using things like OOP as well can really help when you start building larger scale applications.

My main advice would be to improve your knowledge on core JS and CSS and avoid being sucked into libraries / frameworks / toolsets, they will come and go whereas JS / CSS will always be around. Many developers burn through time just learning things like bower, webpack, sass, jasmine, react, react-flux etc etc. I tend to stay away from trends and learn only what's popular on the job market. I always find that if you understand JS / CSS, you often can pickup any other framework built on top of it. I also burned a lot of time learning Angular 1.x which I never ended up using (except for side projects), with Angular 2.0 coming out it made me realise I need to be very careful when investing time into something which might not exist a year from now, or at least not have a demand on the job market for.

u/rjcarr · 1 pointr/learnprogramming

I'd just teach from the book JavaScript: The Good Parts. It's a bit old but is still pretty good. I don't like some of the things about it but you could just take out the parts you don't like.

Here's a direct link to the book:

u/mobcat40 · 1 pointr/PHP

Sure, though I've also read people in your position are better at building apps with JS if they're new to it because things like PHP are completely different in how you start growing an app (classical vs prototypal inheritance) not to mention that if you also do PHP instead of just straight JS you're getting used to and learning 2 languages that are completely different in how you code. In either case you're right you have to learn JS anyway, here are the best resources after codeacademy basics stuff:

JavaScript: The Definitive Guide: Activate Your Web Pages (Definitive Guides):

JavaScript: The Good Parts:

Programming JavaScript Applications: Robust Web Architecture with Node, HTML5, and Modern JS Libraries:

A cool talk from last year of the Fluent conference (and the author of that last book) explaining how different something like PHP and JavaScript are and why JS doesn't deserve the bad rap it used to get (He's a pretty cool guy from Adobe and I got to talk to him last week about all of these things we're talking about right now and where web development is heading, and why JS as a single language for the web can work even better):

This was a really cool overview on JS today, and you get to see Unreal Tournament and the Unreal 4 engine run in a web browser:

u/g1i1ch · 1 pointr/explainlikeimfive

I'm going to go against the grain here with my recommendation. I'm a guy who was in a similar position years ago. I've since transitioned from web development to game programming and have working knowledge of 7+ languages.

Dude, don't sweat these feelings you're having. You're just at a wall. We all reach different kinds of walls in this career and they're really the best thing ever. It means you're about to jump ahead in skill by at least 10x. You just got to find the trigger for it. Be patient and try different things. Go check out Udacity and do some courses on there. Also this is the time to start reading books. Not just any cheap book you find. Good books that will give you the perspective of an industry professional. Books like JavaScript: The Good Parts, Code Complete, The Pragmatic Programmer, or The Little Schemer. Also it doesn't matter what language the books are in to enjoy it. 98% of all programming languages are the same anyways, which you'll soon learn. For the most part, they just have moderately different ways and syntax to do the same thing.

I would recommend not switching platforms from the web. One of the most important skills guys like us can have is seeing where technology is heading and betting on the right horse. It's very clear that webapps are going to be even more important in the future. You can already make desktop apps with web technology naively in pretty much all major OSs now.

I say learn JavaScript front and back. Read JavaScript: The Good Parts and JavaScript: The Definitive Guide cover to cover. Once you learn JavaScript it'll be very easy to transition to any C-based language, which is most of them. In fact I credit JavasScript for giving me the basics to jump to just about any language comfortably and pick it up in a few weeks.

After that, learn a good server side language like Java, Python, or C#. (C# is in very high demand, and has many applications) Or learn all three and you'll be very well positioned career wise. Well, make sure to get some experience with SQL too for good measure.

Also if you want to have a good challenge instead of being bored on those easy things, like drawing shapes, why don't you try Udacity's fine WebGL course? Jumping in the deep end isn't bad as long as you don't expect it to be easy.

u/Gacnt · 1 pointr/javascript

Javascript: The Good Parts

Javascript: The Definitive Guide

I use the Definitive guide as a reference book, but if you have the patience and want to learn, definitely a good read.

u/namklabs · 1 pointr/Web_Development

The jQuery documentation is very, very helpful. Every piece of jQuery has example code and a user comment section to provide extra insight. Don't be afraid to check it out, even if you are an absolute beginner. I actually "learned" how to use jQuery before I learned how plain JavaScript works, so it makes for a good introduction to the language because of how easy it is to use. If you learn by doing, then it's a great place to start.

However, you must have a full understanding of JavaScript to get the most out of jQuery in the long run, so you should definitely look into learning JavaScript without jQuery when you are comfortable enough to do so.

I would recommend the text I used in college for learning JavaScript, but I've since learned that it has a 2-star rating on and it is still very expensive. It did a good job of teaching a practical application of JavaScript for beginners, but it has a lot of typos that may trip you up if you do the practice examples, and for the price it really should be perfect. If you can find it for cheap, pick it up.

A cheaper alternative that I have not read is JavaScript Step by Step by Steve Suehring. Much cheaper than a college text and highly recommended. An introduction to getting a grasp on JavaScript is most definitely worth more than the 25 bucks you'll spend.

When you start to feel like you could do some damage (in a good way) with JavaScript, you should definitely check out JavaScript: The Good Parts. It will shed a whole new light on JavaScript and help you realize both how powerful and strange the language is. I don't know if your job duties or passion for programming would lead you this deep into JavaScript, but if your goal is enhancing your career, JavaScript is most definitely the next step in the world of web.

When people ask me what JavaScript is to a web developer, I tell them this: HTML makes up the bones of a website. CSS is the skin. JavaScript is the muscles that makes your website live and breathe. Learning it is essential!

Best of luck!

u/kson34 · 1 pointr/PHP

For PHP I would definately recommend PHP 5 Objects, Patterns and Practice. Pro PHP Refactoring is also pretty good. And the latest book on PHP Security is good too.

For javascript I would start with the Good Parts, go to Javascript Enlightenment and read what is available in EAP for Secrets of the Javascript Ninjas because although the book may never actually be finished what is there is worth 30 average javascript books.

u/spencercooley · 1 pointr/javascript

I am self taught and I have to say that the best way to learn is to have a very clear idea of a simple project that you can realistically complete. I learned javascript with "JavaScript: the good parts", and I built a page with a deck of cards that shuffled when you press a button. I still have it on github

Both books you mentioned are probably good, but the real learning happens when you are trying to accomplish a specific goal and get stuck on something.

"Javascript the Good Parts" is definitely good, very light and to the point.

u/molebert99 · 1 pointr/Frontend

Learn pure JavaScript. It will not only help when learning new frameworks but will also help you to realise that frameworks are not always necessary and by understanding them better, will not rely on them as a crutch.

From my perspective, these two books helped me "level up" from jQuery to full-blown JS developer:

I am also a member of Udemy, which has a great selection of courses to work through.

Once you understand JavaScript without frameworks, just pick up a framework and start playing with it. Do the tutorials or pick your own goal/application to build with it. I find I learn more than doing something rather than simply reading about it.

u/eddyvanhelgen · 1 pointr/javascript

Books that helped me to get the hang of JS

John Resig's Secrets of the JavaScript Ninja and Douglas Crockford's JavaScript: The Good Parts are pretty much the only ones worth reading in my opinion.


The best thing would be to build something you want to use yourself. Maybe you try cordova and build a small app with the browser platform so that you can create a simple App that you can bring to your Smartphone.

More advise

Read a lot of code: TODO MVC is a good place to start, people try to write good code for this one because they want you to use their framework :-). The problem with the source code of many projects is that the JS ecosystem is in a constant flux and ES6 modules are skyrocketing right now. You may want to check out the jQuery source code - you can pretty much watch the evolution by looking at older versions of the source code and how it evolved.

If you feel really adventurous the NodeJS source code is a fun read - although it's a very big project that also got some C/C++ code sprinkled in - but that shouldn't be a problem for you :-).

I would advise you not to bother reading the Angular1 code for the time being, Angular2 maybe interesting but its written in Microsoft's TypeScript - which is a nice language on top of JS that is worth learning about.

u/ard0 · 1 pointr/webdev
u/zokker13 · 1 pointr/node

I don't think there are any good books out there that are bound to node. There seem to be a few JS books worth noting but the only one I ever read was Javascript: The good Parts. It's a fine read but pure JS.

If you want to dig into nodejs just search for talk on youtube and begin to lurk in this sub. Sometimes you find great talks/reads that you'll adapt rather quickly.

The problem is that any book written will be outdated extremely fast.

u/justhamade · 1 pointr/learnprogramming

>But since JS is more optimized for client side execution and just being more popular for this...

Javascript is the ONLY language the is natively supported in all browsers. If you want to use an other language in the browser you will need to transpile it into javascript. Even if you did you a transpile like PyJS you would still need to understand how browsers work, the DOM and Browser Events.

Javascript, unfortunately, is a growing language, and is not the most popular language based on the stack overflow surveys.

One of the reasons that I think it has become so popular is that you can very quickly make something very powerful. The downside to JS IMO is that the language and community are still quite immature and it is evolving very fast.

One of the highest regarded JS book

So to answer your question, if you want to do web development knowing some javascript is a requirement, and you should learn it.

u/N8Programs · 1 pointr/learnjavascript

Things have changed a lot! A good summary would be:

Front-End Frameworks: Robust libraries that make developing good-looking UIs easier and make your code more scalable. (ex: Vue, React)

No More Frames: Only the <iframe> tag remains. The use of frames is discouraged, and CSS flexbox (a responsive style that makes your site work for desktop and mobile if used correctly) is used.

Fancy New Paradigms: It is no longer encouraged to program javascript in traditional OOP styles with classes + inheritance. Instead, a paradigm called Functional Programming is encouraged. Functional Programming drifts away from classes and inheritance, and towards functions, and specifically, higher order functions. In addition, creating mutable variables in excess has fallen out of favor.

So, while a lot has changed, if you know Java 8, are familiar with Lambda Expressions + Closure, and ready to devote some time to JavaScript and the frontend, you'll be making near-professional to professional looking websites in around 6 months (at least, that is my experience). And even if you aren't, JavaScript isn't hard to learn. I would recommend the following books + websites:

MDN - Good JavaScript Resource + Tons of documentation.

Javascript: The Good Parts - (Bit outdated)

How Javascript Works - (Recent)

Javascript: The Definitive Guide - (Bit outdated)

u/jlpoole · 1 pointr/programming

Crockford, Douglas, JavaScript: The Good Parts

u/achen2345 · 1 pointr/javascript

Personally, I find I learn best from books but only for two narrow facets: theory and reference.

The books everybody recommends are:

  • Eloquent JavaScript -
  • JavaScript: The Good Parts -

    That first one can be read online.

    Once you get past the how do I write code basic literacy stuff and really want to step up into architecture you might want to get a little bit of Lisp and Scheme. The fundamental concept to learn in this language is scope. In my experience computer science grads tend to learn things like C++ and Java or C# and work really hard to get really good at OOP. Those techniques of inheritance aren't quite so helpful in this language if you never learn this language's scope model. If you fall in love with the scope model you might find you don't need the OOP/inheritance stuff.

    When you are ready to interact with the web here is a quick guide I wrote to teach DOM access: Could you let me know where this guide fails you so that I can improve it for other people?
u/Rounddacorner · 1 pointr/webdev

Have you tried any books? Or are you more of a visual learner. I read this book and really helped me understand js patterns better. I first learned programmer in php, and now doing some javascript ( node.js ) with the express framework.

u/jdauriemma · 1 pointr/learnjavascript
  1. Depending on the app you're building, certain libraries and frameworks will help you keep your code cleaner and your business logic more apparent.

  2. Useful and good are not the same. PHP is not good, but useful. jQuery is good and useful, and is a dependency of many libraries and frameworks. A foundational knowledge of jQuery is a must for web developers, IMO.

  3. You're talking a lot about what you're reading, but what are you writing? I'd say keep the books you have, learn git, start making projects that interest you, and put them on github. That said, this: is a good book once you have an understanding of JS basics.

  4. Talk to developers. There's a lot of BS out there on blogs and social media from self-promoters and content aggregators. Go to meetups in your area and learn from the people doing what you want to do.
u/w4nderlusty · 1 pointr/TrollXChromosomes

Some more learning tools:

  • Tuts+ has a number of great coding video tutorials, many of them free. Definitely worth a look.

  • If you like the code-as-you-go kind, check out Code School. It's $30us a month but the courses are more in depth than codecademy.

  • Book wise, Eloquent JavaScript is a good place to start (and its a free download!).

  • Id also recommend JavaScript Enlightenment for advanced beginners, and JavaScript the Good Parts for those with a bit more experience.

  • Another good beginner book is JavaScript & jQuery by Jon Duckett, it's got a great design and is much more illustrative than traditional books.

    edited to add links; formatting
u/SharkyMarksworth · 1 pointr/web_design

I can code HTML5 and CSS3 pretty well, honestly it's really easy for me now. - Once you get the hang of them look at a couple of frameworks - I have used Bootstrap and Skeleton and putting them on a resume is an easy +1.

The biggest thing that has helped with Javascript for me is game development, it's really fun and you have to have a decent understanding of javascript to make a playable game, it also gives you an opportunity to work on a bigger project. (thousands of lines of code) So you can get a better idea of how the overall layout mechanics of Javascript work. - So I would recommend making some simple games using just HTML5 canvas and vanilla Javascript with no libraries.

Books I would Recommend --




    Youtube Channels

  4. learn.codeAcademy - for Jquery, Modern tools professionals use
  5. PHPacademy - for PHP, and some other stuff
  6. DevTips
  7. Jesse Warden - ( this guy has a GREAT javascript series, I would start with that for Javascript)

u/Ob101010 · 1 pointr/learnjavascript

And if you look at the comments attached to that same thread youd see :

> "Good coding practice" should never be sufficient reason in itself. It amounts to "some guys on the internet said this is how my code should look".

And if you bothered to actually read Crockfords notes on this matter :

> All variables should be declared before used. JavaScript does not require this, but doing so makes the program easier to read and makes it easier to detect undeclared variables that may become implied globals. Implied global variables should never be used. Use of global variables should be minimized.

> The var statement should be the first statement in the function body.

> It is preferred that each variable be given its own line and comment. They should be listed in alphabetical order if possible.

Source :

Youll see that he never says 'always using var is good coding practice'. He says to declare them before use (and I suggest giving them a value too), but nothing about requiring var or var being part of good practices. And why is this? Because traversing up the scope chain (or not) is a feature of the language, and not a bad one if you bother to watch his video or read his book.

Crockfords video (should be required watching for all javascript devs) His video :

And his book, Javascript the good parts

u/Danielbaniel · 1 pointr/IWantToLearn

Best way to do it is to learn by doing. Bury yourself in a personal project and use Google as your best friend. I'm unsure of what type of code you are looking to write but if you are leaning towards Front End development and would rather read a book first, Javascript: The Good Parts was a good read.

u/mmmmm_pancakes · 1 pointr/ProgrammerHumor

You should be careful about ragging on JS - while it's sometimes fun, the loudest JS-haters are universally just ignorant or unskilled devs. Which, of course, are very common in webdev...

I'd recommend Crockford's Javascript: The Good Parts if you'd be interested in a more positive perspective.

u/ryosen · 1 pointr/jquery

Depends on what you want to do with jQuery. If you are simply interested in the toolkit as an extension of JavaScript, the JQuery Cookbook or jQuery in Action are both fine. If you want to know the finer aspects of jQueryUI and how to customize it, then you'll want a book that focuses on that. If, however, you are interested in writing plugins, then I would suggest adding JavaScript: The Good Parts to the list.

u/honestlytrying · 1 pointr/golang

Yeah and it's probably not fair of me to dismiss JS before reading about The Good Parts. That said I just looked at TypeScript again. Looks interesting and has some IDE support. I'll keep it in mind next time JS makes me want to drink a Gin & Clorox just to make the hurting stop.

u/jbacon · 1 pointr/webdev

Well, you could obviously pay someone to create it for you. If Wordpress or other off the shelf CMS software doesn't cut it, then you're likely rolling your own solution.

I would recommend learning. Here's how to do it:

  • Get a good development environment. I love Webstorm for general web work - great code completion, and makes a lot of things easy. For Rails, I would recommend RubyMine. Those guys at JetBrains make some really kickass software, let me tell you.

  • Learn the basics of web development, and the roles of each technology involved. Use HTML to create templates for your pages, use your server-side backend to accept and provide content, use CSS to make it pretty, and JavaScript to make it dynamic.

  • Understand the difference between and limitations of client-side and server-side code, and use each appropriately.

  • Learn the tools. Pick a real technology stack and learn it, whether that be Ruby on Rails, LAMP, whatever you like. Doesn't matter - this is all about learning. Using jQuery will make your JavaScript life much easier, and try out SASS if you're feeling frisky.

  • Don't expect a good-looking, reliable site on your first try - it's going to take a lot of effort.

    GET BOOKS. Books are the best programming resources around, believe it or not:

  • The Pragmatic Programmer - The de facto programming best practices guide.
  • Javascript, the Good Parts - How to JavaScript, by JS guru Douglas Crockford. Not really a beginner book, but a great reference once you get a handle on JS.
  • Ruby on Rails 3 - Learn Rails by Example - This looked like a really nice beginner level intro to general web development and Rails.
u/ScopeChain · 1 pointr/javascript

no problem, i strongly recommend that your read javascript the good parts by Douglas Crockford who is considered the god of javascript, it's a short read which will clear a lot of confusion and teach you what a powerful and nice language js is

u/piglet24 · 1 pointr/webdev

JavaScript: The Good Parts is one of if not the best JavaScript book money can buy. If you have a C background you should pick it up quickly - in the first couple pages it will help you set up a simple HTML page to help test some simple js on, and then get's into more serious stuff.

After that it really depends on what your objective is with web development. If you want to get into business, finance, etc. you should start looking into C#, Java, or maybe Ruby.

I know lots of people swear by SciPy which might appeal to the physics student in you.

u/CharityBot_ · 1 pointr/test

Help charities by using this Amazon link:

Link 1: Supports The AbleGamers Foundation

This comment was posted by CharityBot, a Reddit bot that helps raise money for charity. Learn how CharityBot works

u/SoBoredAtWork · 1 pointr/learnprogramming

If you're looking for best practices, check out "The Right Way" series of sites:

For a JS best practices book, check out Javascript: The Good Parts

For interactive online tutorials, Code Acadamy is pretty cool and there are others like it.

And here's an advanced guide to HTML & CSS to learn more in-depth best practices.

Tip: stay away from W3Schools! There's a lot of bad info on the site.

edit(s): I didn't grammar correctly.

u/sleepybychoice · 1 pointr/learnprogramming

Note: I haven't actually read either of these, but they do have good reviews on Amazon. :-)

u/nikoskatsos101 · 1 pointr/javascript

Start here , but don't forget to check

The first one will help you to get started and the second one will help you to build a strong base on what's happening and why.

u/pierotofy · 1 pointr/gis

To start, this line:

if radioanswer == qanswer{

Is not valid JS. You need to put parenthesis:

if (radioanswer == qanswer){

Then radioanswer should be assigned within the function block, not outside of it. Otherwise it will always have the same value.

Please, please do not try to improvise Javascript (even if you are not a developer by profession). You will fall into the many confusing pitfalls of the language. Find some time to read (at a minimum) and

It will save you countless hours of troubleshooting.

u/cuchoi · 1 pointr/web_design

Read "Javascript: The good part". Short and great book, all you need to know about JS.

u/PhishGreenLantern · 1 pointr/javascript

A quick google search will turn up a PDF of it. I'm almost certain that it's a legit, free copy, but I'm not positive. You can get a used, physical copy for $9:

u/brentonbrenton · 1 pointr/learnprogramming

> Javascript : The good parts.

This book is a great reference. Here's a link.

u/need_tts · 1 pointr/poker

start with this one

u/erasedeny · 1 pointr/WTF

Did you mean...

I'm not really sure what point you're trying to make. Their market research not only examines whether there's a large target audience, but also whether that audience is willing to spend money on this topic. Sure, neither of us spend our time or money on these games, but there are hundreds of millions of people who play obsessively and sink cash into the microtransaction model. They are, in fact, already spending money - what makes you think they wouldn't buy a book about their hobby as well?

u/KevinHock · 1 pointr/netsec

Senior Security Engineer

Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.

How Do I Apply

Send me an email with your resume and GitHub at [email protected]

What you will do

  • Perform code and design reviews, contribute code that improves security throughout Datadog's products and infrastructure
  • Eliminate bug classes
  • Educate your fellow engineers about security in code and infrastructure
  • Monitor production applications for anomalous activity
  • Prioritize and track security issues across the company
  • Help improve our security policies and processes

    Who you should be

  • You have significant experience with network and application security
  • You can navigate the whole stack in pursuit of potential security issues

    Bonus points

  • You contribute to security projects
  • You're comfortable with python, go and javascript. (You won't find any PHP or Java here :D)
  • CTF experience (I recommend you play with OpenToAll if you don't have any)
  • Program analysis knowledge

    Sample interview questions

  • Flip to a page of WAHH, TAOSSA, CryptoPals, ask you about it.
  • How would you implement TCP using UDP sockets?
  • How do you safely store a password? (Hint: scrypt/bcrypt/pbkdf2)
  • How does Let'sEncrypt work?

    Hat tip to chrisrohlf at Square, also on this Q1 thread. Random other places you can apply in nyc: Blink Health, MongoDB, Spotify, Jane Street, 2 Sigma, Greenhouse.

    I personally applied because I love Python but I like the company a lot so far.
u/dougsec · 1 pointr/computerforensics

Since this is the subreddit for DFIR, that's what you're going to end up with as far as suggestions go. For pentesting stuff, checkout:

-Web Application Hacker's Handbook: (this has some labs, but just reading through the various weaknesses in WebApps will be a great start)

-The Hacker Playbook:

Red Team Field Manual:

Those two are good general pentesting books. You might also try /r/AskNetsec for other suggestions.

u/Makhann82 · 1 pointr/netsecstudents

Are you referring to this book;

I see in the description that it says it's not a big deal if you don't know programming. Do you find this to be true?

I've also had

Recommended to me. The description talks about html etc. do you need to know these languages before you dive into these book? Or is it more like they teach you just what you need to know about a specific language / vulnerability inside of a language/piece of code.


u/Roxxo9001 · 1 pointr/learnprogramming
u/checky · 1 pointr/HowToHack

The Web Application Hackers Handbook is your best bet.

*For your next book purchase

u/Packet-Fox · 1 pointr/HowToHack

I see this book recommended a good it:

For the price I think it is a decent resource.

For playing around you can also use - there are a few good challenges on there.

u/wolf2600 · 1 pointr/cscareerquestions
  1. CS would be the obvious choice, but you have to look at the courses required/electives offered for each major. You're going to want to have courses in assembly programming, networking, security, and web development at a minimum.

    2-5) What Lamat said.

    A good book to study from is The Web Application Hackers Handbook.

    Also, prepare for and take the US Cyber Challenge. You don't have to ace it, but if you do decently well (60-70%) you will likely receive an offer to attend a Cyber Camp this summer... this is a week-long series of seminars about all sorts of security topics, with a job fair at the end. It is probably the very best chance you have of getting into an entry-level technical (ie: malware analysis, memory forensics) type security job/internship.

    Typically, the challenge will require you to use WireShark to analyze a file of captured network packets. You will analyze the packets to determine whether an attack occurred (from & to IPs, time, what attack method was used.... this is where the handbook I mentioned above will prepare you).

    After you've done your analysis (and taken LOTS of notes), you take the test.... it's 24 multiple choice questions such as: What is the IP of the hacker who stole John Smith's bank password? What attack was used from on Mar 10? etc.

    When I did the analysis a couple years ago, I had a pad of paper and just went through the whole file writing down the packet number, timestamp, relevant IPs, relevant data (usernames), and what I thought was occurring. So when I took the test, when it asked those questions, I could check my notes to find the corresponding event.

    I think I got around a 70% in 20 minutes. Which didn't even put me on the top 100 scoreboard (those spots will be taken by people with 100% in 20 seconds scores). But I still was offered a spot at the cyber camp.
u/coffeeUp · 1 pointr/cscareerquestions

Depending on the company and organization you're a part of, the SDET role can sometimes be flexible enough to begin blending into DevOps (Infrastructure) or Tooling territory.

I'm an SDET myself and I imagine I'll eventually find my way to a DevOps/SWE/SDE/Infosec type role myself. But in the meantime, I enjoy what I do. A friend of mine was an SDET and was able to demonstrate his SDE-specific skills and land a full time SDE role with a Big 4 company. So definitely possible, just make sure you're strong on coding and algorithmic understanding / problem solving.

I do have some specific feedback to assist with your goals though:

> Some other interests of mine that I don't get to really work with are linux administration, front-end web development, data analyst/sql stuff, and information security.

Some of these can be incorporated into your work depending on your role:

  • Front-end web dev: Build out some internal tools to assist with different QA or Test specific tasks (or take existing test tools or scripts) and put them into a React or Angular app. Lets you build out something interesting while still being related to your role and work responsibilities.

  • Data Analyst/SQL stuff: Build out some dashboards or other reports to show QA or Test coverage, better aggregate test records over time (how often has this test passed or failed historically, etc). Will provide value to others and help with oversight/insight into test - best to work with potential stakeholders (Managers, Directors) who may be interested in this data after you have a basic proof of concept, see if they can support (or would like) this data.

  • Information security: Start reading up on some resources to support your testing of potentially vulnerable systems or web apps that you support (ie, read up on if you test web applications). Obviously this type of testing would be best carried out in a sandbox test environment, to give you better logs and if you discover something impactful it is contained to a test machine you can just rebuild if it breaks.

    Hope this helps and good luck!
u/tweaked540 · 1 pointr/promos

Hey Jaedekdee,

Yup, still checking these out. I'd recommend you read only the 2nd book (as it's more up-to-date) and if you are a web developer, an old but great book is "The Web Application Hacker's Handbook"

There are a ton of great resources out there, but it's all about which security niche area you want to go into. For example, malware reversing, forensics, pentesting, metasploit, mobile, low level (like shellcoders handbook), and etc. If you are looking for more general books on hacking, the Hacking Exposed series also has a good grasp on the basics. Let me know if that helps!

u/Jeseh · 1 pointr/suggestmeabook

Here are a couple to consider. My apologies if the formatting sucks. I'm on mobile.

The Web Application Hacker's Handbook 2nd Ed

The Tangled Web

u/standardoutput · 1 pointr/netsec

Yes, here's the book ( The key with web application security, the one main rule is, never trust anything the user sends you. That means, you can do a lot (almost everything) just manipulating HTTP requests, which usually requires only minimal HTML/CSS knowledge.

Without understanding some HTML/CSS/JS, you may have a hard time with getting XSS to pop, without knowing some XML, you might have trouble understanding things like XXE, and without understand SQL, you might have issues with SQLi. BUT, there are a lot of things you can start doing without that.

In general though, you can do a lot by just learning how to proxy requests with Burp and setting up a vulnerable web app. If you're trying to learn and gain fluency in HTML/CSS, you're going to be doing a lot of unnecessary work. It's good to understand how these work, but you'll pick up most of what you need as you research and learn about specific vulnerabilities.

u/JustinEngler · 1 pointr/AskNetsec

Great intro resource to web attacks and defenses. Start with their "top 10":

In-depth discussion of exactly how to carry out different types of attacks:

u/tacobellsupport · 1 pointr/AskNetsec

I would recommend reading:

and looking at CTF challenges focused on web over at

u/gaten · 1 pointr/netsec

I'd suggest "The Mobile Application Hacker's Handbook" (

Combine it with "The Web Application Hacker's Handbook" ( and you should have a pretty good handle on testing mobile security, including the backend stuff.

These are both from a "breakers" point of view, but they go into how to secure/prevent the various attacks they teach, so are a very good source for developers.

As some general tips and what to look for, especially concerning secure communications, look into certificate pinning, message signing, and don't store anything sensitive on the device without encryption (or on the server).

Source: I break mobile apps and websites for a living

u/2017_goal · 1 pointr/cscareerquestions

Hiya. Are there any books you would recommend to someone wanting to shore up their knowledge on security?

I'm intending to go through the below to get a grasp of the field:

u/Evexor · 1 pointr/hacking
this book is definitely what you're looking for, it talks about EVERYTHING in web security.

u/Eric1084 · 1 pointr/slavelabour

Edit: Closed\

Hello everyone! New quarter so looking for the following textbooks:

1) Head First JavaScript Programming ISBN 978-1449340131 < Must be 2014/2015(1st edition) or newer!

2) Head First jQuery ISBN 978-1449393212

If this post is still up then it indicates the offer is still open!

u/davidbuck0 · 1 pointr/webdev

Hi James!

One of the best books for a novice web developer/designer (and not just novice, for anyone who wants to get up to speed with the newest editions of HTML and CSS) in my opinion is the "Learning Web Design" by Jennifer Robbins. The 5th edition was published in May last year, so it's pretty recent. You won't be learning any outdated stuff from this book.

The book is quite big, with around 800 pages, but the author is really great. She explains everything you need to know and she explains it really good. Throughout the book you'll be building an example web site by doing a lot of exercises.

The book starts with an explanation of how Internet works in general. It doesn't go too deep into this topic, just enough for a beginner. You'll then learn HTML, and after that CSS. There are two chapters on JavaScript, but it covers only bare essentials. You'll need another book(s) for JavaScript, though. The one I would recommend is Head First JavaScript Programming, which somebody already recommended it, too.

The Head First HTML and CSS and HTML and CSS: Design and Build Websites (also already recommended by other users here) are also great, but they are a little bit old now, as they are from 2011. Not that you won't learn anything from them. You could read these two, and then the book by Jennifer Robbins, so you get better familiarity with HTML 5 and CSS 3.

u/sundried_tomatoes · 1 pointr/javascript

my friend vows by the head first series. I never liked it, but might be good for beginners.

u/Rogue_Philosophy · 1 pointr/learnprogramming

There are some good suggestions here, especially DonnyTheWalrus's reply.

However, regarding books I'd personally suggest the book "Head-First Javascript Programming"(make sure you get the latest the one that says "programming" in the title, as that is the more modern one.) or "A Smarter Way". In my opinion, these books are really good at taking a newbie into the intermediate level of Javascript by taking advantage of some of the best things we've learned about learning in general.

u/ohmyapplepi · 1 pointr/Frontend

Definitely agree, it's hard to get these concepts to stick unless you've used them. I've struggled with JavaScript in the past but I'm currently reading Head First JavaScript from O'Reilly and I find it's suuuper helpful because it explains everything clearly with good examples and also has you code along with it to help you really grasp the concepts.

u/youngrubin · 1 pointr/booksuggestions

I was in the same boat as you and read a number of books on the subject. Most of those book didn't have much proof and got redundant. It felt like the books were selling me on hypothetical scenarios about how blockchain could change the world instead of explaining how it is changing the world.

That all changed with "The Internet of Money: Talks by Andreas M. Antonopoulos". This book changed the way I look cryptocurrency. I definitely reccomend it.

If you're technically inclined and want to learn more about how crypto currencies work, "Mastering Bitcoin" is a good book too.

Both these books have open source versions that can be found on github:

Internet of money:

Mastering Bitcoin:

However if you would like the kindle/softcover version you'll need to purchase them.

The internet of money:

Mastering bitcoin:

u/video_descriptionbot · 1 pointr/ethinvestor

Title | Joe Rogan Experience #844 - Andreas Antonopoulos
Description | Andreas Antonopoulos is a bitcoin entrepreneur, he also serves on the advisory boards of several bitcoin startups and serves as the Chief Security Officer of Blockchain. Links to "The Internet of Money": Paperback - Kindle - Give-away (No purchase necessary) (5)Paperbacks -
Length | 2:18:47


^(I am a bot, this is an auto-generated reply | )^Info ^| ^Feedback ^| ^(Reply STOP to opt out permanently)

u/BitcoinAllBot · 1 pointr/BitcoinAll

Here is the post for archival purposes:

Author: SirSkylark


>Hey, just a teen who uses bitcoin daily and just really interested in the world of cryptocurrency. Anyways, so summer is already here and I thought why not use this time to read up and learn more about cryptocurrencies.

>So after some researching I've come across these 2 books which Im thinking about buying: The Internet of Money , Ethereum: Blockchains... . However, I was wondering if these books are readable and understandable for non-technical people like me (no coding knowledge) and if you do/don't recommended it.

>Also thinking about getting Mastering Bitcoin 2nd Edition and Mastering Ethereum later on when it comes out but I feel like those 2 books are really technical and I will not able to understand it. Any thoughts?

u/beowulfpt · 1 pointr/eupersonalfinance

Look into BTC, bonds are a joke at the moment.

u/Adamsd5 · 1 pointr/Bitcoin

The Internet of Money: A collection of talks by Andreas M. Antonopoulos

Also good.

u/DropaLog · 1 pointr/Bitcoin

> You're suggesting that to reach people who don't know about Bitcoin he should sell on a platform that requires they already know about Bitcoin. All rightyo.

What makes you think that? Hopefully nothing I've written? Please quote, so that I may correct. Actually fuckit, I'll explain it again:

He's advertising it here, on this Bitcoin sub, to us bitcoiners, with a promoted post pictured at the top of this thread. If you're using some perverted Opera thing that doesn't show pictures, open the thread in a browser like the kind grownups use. Clicking on the post leads you, the Bitcoin-savvy, not to OpenBazaar, a decentralized marketplace where the book may be purchased with bitcoins, but straight to Amazon, here, where the book is offered not for BTC, but only for filthy fiat.

Is this any clearer?

u/Kain_niaK · 1 pointr/talkcrypto

Have you actually read the internet of money? If you had you would now that all these thinks that AA is speaking about only become possible when Bitcoin becomes money. Otherwise the system won't grow enough to become stable and remain stable.

u/dmar198 · 1 pointr/Bitcoin

You can buy it with bitcoins from

And yes, they still use Amazon to fulfill the purchase. (But you do get a discount for paying with bitcoins!)

u/notyourdadsdad · 1 pointr/politics

but its funnier when you don't

u/Yerginsnurf · 1 pointr/funny
u/Jumbo_Janxbot · 1 pointr/funny
u/NathanDahlin · 1 pointr/todayilearned

To quote David Thorne, "the internet is a playground."

u/szor · 1 pointr/Random_Acts_Of_Amazon

Labor Day

I love this passage from Anna Karenina:

>"Now, I beg of you not to confuse matters! It is of no consequence what I have written; but it is a fact that I love a cuttlefish."
"That need not prevent your loving a wife."
"No; but my wife would object to my loving the cuttlefish."

u/xnoise · 1 pointr/PHP

There are a ton of books, but i guess the main question is: what are you interested in? Concepts or examples? Because many strong conceptual books are using examples from java, c++ and other languages, very few of them use php as example. If you have the ability to comprehend other languages, then: definetly a must read. Beware not to memorize it, it is more like a dictionary. It should be pretty easy to read, a little harder to comprehend and you need to work with the patterns presented in that book. - has already been mentioned, is related directly to the above mentioned one, so should be easier to grasp. - one of the most amazing books i have read some time ago. Needs alot of time and good prior knowledge. - another interesting read, unfortunatelly i cannot give details because i haven't had the time to read it all.

u/wild_eep · 1 pointr/networking

There's this book on Metasploit...

u/DOc713 · 1 pointr/netsec

I am currently a penetration tester with a small Healthcare penetration company. We perform black box security tests for Hospitals and Health Care organizations.

If you are looking for actual schooling then I suggest looking for a university with a Network Security/Information Assurance Degree. There are not too many with dedicated degrees, but it is becoming a much more popular field.

Most importantly go get some literature on the subject. Although reading can not take the place of actual experience, most books these days are designed to go along side of hands on experience or provide information if you wish to "further refine your skills".

If you are new to security I would suggest "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy" By Patrick Engebretson. It is a great entry level book designed to introduce you to the concepts of penetration testing.

If you want to get down and dirty quickly "
Metasploit: The Penetration Tester's Guide
" By David Kennedy is another great book though a bit more technical then the last.

These are only a few of many great books. If you want to become a good penetration tester, taste the fundamentals and then pick a focus to get good at. There are few jacks of all trades in Penetration testing.

u/granduh · 1 pointr/Ransomware

For anyone interested a good book to pick up is Practical Malware Analysis:

u/wither88 · 1 pointr/ReverseEngineering

I rarely just recommend one source, since often authors have a specific take (say, a book might be targetted towards the academics, people who use a specific tool, or people who are doing some specific task) - but is absolutely incredible from every angle.

Follow that with learning kernel syscall/monitoring tools [procexp,procmon,the sysinternals suite], disassembly tools[IDA/radare/whatever], and a debugger[WinDBG] + Mark's book on Windows Internals 6th edition both volumes (it's long but its worth it). And youre well on your way.

For Linux/BSD, look at kernelnewbies for Linux and the online handbook for at least FreeBSD, ktrace/ptrace/truss/strace for the syscall analysis type stuff, IDA/radare/hopper all are cross platform so you're golden there, and perhaps calling conventions (cdecl vs what-not).

u/justjosh25 · 1 pointr/computerforensics

Check this out. Goes from really beginner levels stuff to more experienced by the end of the first section. This book will answer all your question about tool during all phases of forensics analysis. Hope it helps.

u/Ampere_Sand · 1 pointr/cscareerquestions

Only have a few minutes to elaborate, but I'd recommend familiarizing yourself with the in and outs of the OSI networking stack like you plan to, and also study Operating Systems. A traditional OS class would be nice, but if you can complement that with a forensics class you will be balling.

It's also a good idea to figure out what subfield(s) of security you would like to pursue. Security is becoming so big and technical that it is almost impossible to be an expert in all aspects of security, so try them all and stick with 2-3 that you like - if the subfields complement each other you will make yourself an even stronger professional.

There's a ton of good resources online; if you make it a habit of browsing the links /u/eooe provided, you will learn about a lot more resources that will help. I would recommend the Life of Binaries class on, and to add to the fun, Practical Malware Analysis by Sikorski is an amazing book on malware analysis that comes with exercises and labs that you can run with a pretty simple VM setup. The book describes how to set that up as well.

u/wishicouldpentest · 1 pointr/learnprogramming

I'm not too sure if this is the sort of answer you're looking for because it appears that you are pretty new to all this but...

If you read these books, then you will know everything you need (ranked by reward to required effort ratio):

However, the books might be pretty difficult to understand with how much you currently know.

u/TheFakeITAdmin · 1 pointr/sysadmin

This is a pretty solid resource Practical Malware Analysis - Amazon

u/Kkari · 1 pointr/HowToHack

Your welcome. :) If you are truly interested there is a pretty comprehensive book on practical malware analysis, I have never read it but I assume it demands a solid knowledge of the above mentioned topics.

u/rspic · 1 pointr/csMajors

Like qaisjp said, do a lot of CTFs.

Cyber security is a vast field with many potential sub-categories you can delve into: software reverse engineering, hardware reverse engineering, pentesting, cryptography, steganography etc. - The list is long.

For more info about ctf's and which ones are hosted:


    CTF's are usually separated into different subcategories and many people specialize in a few of them (not necessarily all), so I'd recommend you take a look around and see what you find interesting.

    Useful sites to visit:

  • (very HQ technical books)

    Reading CTF write-ups is also very useful, taking a look at how challenges are structured and how people solved them will give you insight into different ways of thinking about various problems. Reading a few might be a good idea, and perhaps you fill find a few categories that might be interesting: (Other write-ups may be found just by googling, a lot of blogs and github's out there)

    Personally, I am very reverse engineering focused so I will mostly be able to help you with resources in that area.

    RE links to take a look at:

  • (Must read book if you want to delve into RE)
  • (a blog my friend made)

    If you do RE, coding is also vital (people tend to do C++ and/or C together with x86/x64 ASM, the latter which is essential for RE in the first place), but it is not exclusive to RE, coding is crucial in many if not all CTF categories and I think having a start as a programmer is a good way to enter parts of cyber security.

    There is also a reverse engineering discord, which I think you could benefit from, a lot of information can be found on there about various kinds of reversing:

    I think a lot also boils down to reading books, blogs etc. and having good knowledge of how various things work, the links above should be of help, and should lead you to other useful resources as well. You do not necessarily have to switch majors, good computer knowledge is very helpful, and most cyber sec people I know do either compsci, math + compsci, or just math. In the end it just boils to doing things however, and ctf's are a great way to do that.

    PS. With reversing you can also delve into game hacking which is super interesting and a lot of people do really funky shit with things like the windows kernel!

    If you have any questions about anything, feel free to ask.
u/JoshBrodieNZ · 1 pointr/AskNetsec

It's the standard reference for web application testing. I'm a security consultant who spends a significant portion of my time reviewing web applications and we hand WAHH to every junior who comes on board, while intermediate/senior testers brush up on it periodically alongside the OWASP Testing Guide.

Once you're comfortable with the material in WAHH, also check out The Tangled Web: A Guide to Securing Modern Web Applications which starts to look into browser mechanics and their impact on web application security.

u/token_negro · 1 pointr/CompTIA

Penetration Testing: A Hands-On Introduction to Hacking

I personally think it doesn't go into enough detail, which I suppose is to be expected for an introductory book that covers an absolutely massive subject. It doesn't help that there's not much info out there so I'm kinda flying blind.

I have a Safari Books subscription through my job so I'm trying to supplement it with CEH resources I find.

u/icarrysig · 1 pointr/hacking

OK. If you can get to civilization, you might find this useful:

u/Bad_Laika · 1 pointr/oscp
u/FuzzyPickles02 · 1 pointr/Pentesting

OP, get this book. It’s a great starting point. Hands on approach to setting up a home lab and using common pen test tools.
Penetration Testing: A Hands-On Introduction to Hacking

u/bitcoin-dude · 1 pointr/Python

I like data analysis, but if that's not your thing then maybe you'd be more interested in hacking

u/vinotok · 1 pointr/learnpython

(edit, books are not for beginners and black hat has better reviews)

There are two books, not sure if they are too advanced and I think both are writen for python 2.7 but they are more or less on the subject, one is called 'Gray Hat Python' and another 'Black Hat Python'

You could read reviews of these two books to see if this would be a good starting point. Othervise I would search youtube for keywords like 'python network security' and similar...

u/AZXXZAZXQ · 1 pointr/AskNetsec

How useful do you think books like these to be?

I just finished up a mini project in python and am looking for something else to do (other than learning C and another text on data structures). These books seem to be more about pen testing so I'm not sure it's really relevant.

u/xiongchiamiov · 1 pointr/Python

Black Hat Python (Amazon) is oft-recommended. So is Violent Python.

u/HydraBroodmaster · 1 pointr/hacking

Black Hat Python is a good one, since you know python

u/Rhianu · 1 pointr/1917studios

If your interested, there's a book called Unity in Action that I've found extremely helpful for learning C# in the context of the Unity game engine.

u/perladdict · 1 pointr/Unity3D

Cool, the book is Unity in Action

It does touch on 2D but primarily 3D. I went from knowing nothing about Unity or game dev to making this: Platformer In 2 Months and that was after I scrapped some ideas! Good luck!

u/trojanfoe · 1 pointr/Unity3D

I have found Unity In Action to be great, but there isn't much competition as most other books are by Packt and they are crap.

I cannot tell you how much you will learn from it if you are already experienced, but the only reference is from Unity themselves.

u/drelidan · 1 pointr/gamedev

I can't personally recommend any of these, but just looking at Amazon yielded a few interesting prospects. You're probably beyond the basics in most of these books - but they all target slightly different things, so you'll end up gaining useful knowledge from any of them.

(search link:

u/my_name_is_mike · 1 pointr/learnprogramming

Is a wonderful read, very easy to follow along. And as the code was tested within the community before publishing, it's way more accurate than i'm used to in dev books. Sometimes hard to justify development books for something that is such a fast moving target, but this is definitely worth looking at.

u/pixelgerm · 1 pointr/Android

I found Hello Android to be a decent introduction to Android development.

u/FreelanceSocialist · 1 pointr/AndroidQuestions

Head-first Java is really easy to run through. Hello, Android is a good primer, though I kinda skimmed a lot of it. After that, maybe Java in a Nutshell and Android in Action to supplement the Cookbook?

u/chateau86 · 0 pointsr/gatech

But CS1371 touched exactly none of these things. They should just fork all that into a new class. Maybe call it Matlab: The good parts or something.

u/jcc333 · 0 pointsr/learnprogramming

Javascript is a hopeless morass of kludgey code masquerading as a working language, but here's a shot: read Javascript: the Good Parts by Douglas Crockford. Also note the following:

  • Javascript has first class functions, unlike java.
  • Javascript has prototypal inheritance, which will throw you for a heinous loop if you're enamored of classical inheritance.
  • Javascript arrays aren't arrays, they're dictionaries.
  • Any object in javascript is a dictionary with some additional sugar.
  • NEVER use the 'with' key word. It's ill-defined and has multiple possible valid interpretations.
  • Javascript has no linker, and as such has one global namespace, so it's a good idea to wrap the code in your files in js objects to fake modularity.
u/serentilla · 0 pointsr/nottheonion

This is why in bookshops you see The Bible, The Definitive Guide and The Bible, the good parts

u/Bray4ever8 · 0 pointsr/WikiLeaks

Clearly I do know how to use Google as I found the information rather quickly and easily and responded. You couldn't.

This should help and when you figure it all out, let me know.

u/sportsokkendrager · 0 pointsr/worldnews

> How is this any worse?

Who said this was worse? Or is there a rule that there can only be outrage about one thing at a time?

> wheres the outrage there?

I think this would be a good starting point for you to find the outrage.

u/playaspec · 0 pointsr/skeptic

> Because it's not bullshit.

It is bullshit. I check for it's location prior to replying to your post. If you can't find it, that's on YOU, not Google.

>"Tools" is not an option on either the default search page

Nice qualifier. "default search page". I see that about once every other month. 99.999% of people don't load the man page to search. They type their search query into the URL box and get a results page, that has the option to further restrict results by date.

>It's also not anywhere on the "search settings" page.

That's it. Keep looking for it EVERYWHERE it's not, while simultaneously denying that it's been available on EVERY results page since forever.

>It's possible they're using more than one page for different markets.

It's also possible you're overlooking the obvious.

>The ONLY time-based option for advanced search that shows up is "Last update." "Custom range" is nowhere on this page, at all.

Perhaps this book might help you.

u/returnvoid5 · 0 pointsr/CryptoCurrency
u/BTC_Forever · 0 pointsr/Bitcoin

Why? Is not so clear that statement?
If you don't know what are "bitcoin keys" maybe is time for you to read more about Bitcoin.
That statement is like the golden rule of Bitcoin, you have to understand it in order to be able to use Bitcoin in a safe mode. Otherwise, you will come back here in few weeks complaining that your "bitcoins get stolen"...
Bitcoin = Be Your Own Bank = act accordingly
Here are 2 great books to start:

u/jhulbe · 0 pointsr/sysadmin

I was given about 20k worth nexpose and metasploit licenses to start doing public pen testing.

i don't know what the i'm doing. So maybe this will help thanks heartbleed, bash, and coldfusion exploits

u/silicon_w01f · 0 pointsr/cybersecurity

This is a really good book to get you started in the right direction.

By the time you've finished the Napier degree you'll be in a very good place with the addition of a couple of certifications such as CISSP. It's not actually that great a course but it appears on a lot of job requirements.

u/remembertosmilebot · 0 pointsr/gamedev

Did you know Amazon will donate a portion of every purchase if you shop by going to instead? Over $50,000,000 has been raised for charity - all you need to do is change the URL!

Here are your smile-ified links:

Unity in Action


^^i'm ^^a ^^friendly bot

u/jsprogrammer · -1 pointsr/programming

As long as you stick to the good parts Javascript is a pretty nice language that supports both functional and OO styles.

Once you use things that aren't the "good parts" then you are going to run into trouble.

u/mcoalson · -1 pointsr/DunderMifflin

Glad you took time out of your day to accuse me of karma whoring... must have a lot of friends =) Was watching the office and thought to google something. Again sorry this is so out of this world that it must be a lie. If you'd like, here's some reading that can help with the difficult task of thinking something to yourself and then asking google about it.

u/sasquatch_tech · -2 pointsr/learnprogramming

Javascript is a "bad" language in that it has a lot of issues. is a thin book, and rightly so. That said, you should focus on learning Javascript and not Python. Javascript is primarily used in the browser, but you can build an entire application stack with it if you user Node.JS. I'm primarily a Java guy, but Javascript is the way I'd go starting out and trying to become a web developer. If you wanted a secondary language I would definitely learn Java, not Python. Straddling the realm of strongly, statically typed languages (Java) and weakly, dynamically typed languages (Javascript) gives you a broad range of understanding. Also Javascript tends to be much more functional in nature than Java which tends to be more imperative (though that is changing).

u/terrapinbear · -2 pointsr/programming

Please don't ever separate the word javascript again. Javascript is not script-able Java. And why link a book to a youtube video? Why not Amazon? Or O'Reilly? Or even the author's web site?

u/Mob_Of_One · -4 pointsr/javascript

This book will save you MANY hours of pain.

JavaScript is not OO.

Good JavaScript is not imperative.

Good code period doesn't rely on mutating globals.

u/rodion_89 · -5 pointsr/javascript

Don't listen to jakelear, w3schools is an excellent resource for beginners.

That said, once you are on your feet and getting deeper into JavaScript check out these books. They are wonderfully useful and informative.