I can definitely relate, this sounds just like me last year! I've done things the hard way and it took me 5x longer. I also prefer screencasts to books. I always need to create a project to solidify those fresh skills, otherwise they'll be gone in a month. Also tutorials for things like Backbone assume you know how to use jQuery, Underscore, and things like REST, and JSON responses... this can quickly get confusing if your not familiar with all of these. My largest regret is not building enough practice apps in the last year. I really should have applied more by doing, instead of staying in the theoretical world.

Here are some insights that i've made and the courses/tuts/projects that helped me the most:

Learn the language first:

• https://tutsplus.com/course/javascript-fundamentals/
  
• https://tutsplus.com/course/object-oriented-javascript/
  
• https://tutsplus.com/course/advanced-javascript-fundamentals/
  
• http://eloquentjavascript.net/ If you feel you need more coverage of the same topics (interactive html like CodeCademy).
  
• Build something interesting, things like games seem to also challenge your programming skills at the same time. Something like Whack-a-Mole, Connect 4, etc... Don't worry too much about the looks, unless you want to practice that too. At this point you should be able to do basic dom manipulation, events, and basic logic.
  
• The tut-plus courses cost a little for a few months but they're really high quality... most of them also give you projects too.
  
  

  Set up a comfy environment
  

  
  Take some time to start optimizing your development environment, the Paul Irish explains it very well below, but some of the topics are a bit too advanced for now (modules, build tools, etc...).
  
  

• Javascript Development Workflow of 2013
  
• Setup a jshint plugin (~4min above), read the website/docs for all the options. http://www.jshint.com/
  
  
• A more entry level talk on setting up your environment Front-end Tools for the Young Developer
  
  
  

  Learn the native DOM and it's API
  

  
  

• http://domenlightenment.com/
  
• Create your own DOM manipulation library
  
• While this one is a book, it's small and has js-fiddle examples for every code block to try it out... i'm currently going through this and it's great! They have a free HTML version (not final edit) and a cheap softcover on amazon. This will make using jQuery much easier and less 'mysterious'.
  
  

  Learn jQuery
  

• https://tutsplus.com/course/30-days-to-learn-jquery/
  
• https://tutsplus.com/tutorial/jquery-anti-patterns-and-best-practices/
  
• http://fixingthesejquery.com/#slide1
  
• https://tutsplus.com/course/jquery-plugin-development-best-practices/
  
• Re-write one of your previous apps to use jQuery instead of vanilla.
  
• While I love vanilla, jQuery just saves time. Learn when you can easily not use jQuery to gain some easy performance.
  
  

  Read "The Good Parts"
  

  
  Though very cliche at this point, read through this classic. If you don't really understand it all 100%, make sure you hang on to it though as it gets better with age. Try and follow it as close as possible, then later feel free to break the rules. By then you'll know why you can break them.
  
  

• JavaScript the Good Parts
  
  

  Learn Underscore
  

  This is a great library that gives you a lot of cross browser ES5 features and features that should be in JS. Not a lot of tuts on this one, reading the docs and source helps a ton here.
  
  

• http://net.tutsplus.com/tutorials/javascript-ajax/getting-cozy-with-underscore-js/
  
• http://vimeo.com/60216668
  
• http://underscorejs.org/
  
• https://github.com/bestiejs/lodash
  
  

  Learn Backbone
  

  There are lots of these libraries but Backbone is the most popular and easiest to learn. Keep in mind this is a library, not an entire framework like ember. This means in a larger app you will essentially use Backbone to help build you own SPA framework for your app.
  
  

• https://tutsplus.com/course/connected-to-the-backbone/
  
• https://tutsplus.com/course/advanced-backbone-patterns-and-techniques/
  
• http://addyosmani.github.io/backbone-fundamentals/ Great book!
  
• Build a Todo app with backbone
  
• Build a backbone powered Reddit mobile web app, read the following posts for inspiration.
  http://cheeaun.com/blog/2012/03/how-i-built-hacker-news-mobile-web-app
  http://cheeaun.com/blog/2012/03/how-i-built-hacker-news-mobile-web-app_26
  
  

  Learn Node
  

  
  

• https://tutsplus.com/course/introduction-to-node-js/
  
• Build a command line app ( I built a scaffolding app to spit out my boilerplates, and a really janky language transpiler)
  
  

  General Front-End, Programming
  

• Baseline for front end developers
  
• So you want to be a front end engineer
  
• http://pineapple.io/wiki
  
• https://www.edx.org/courses/HarvardX/CS50x/2012/about
  
• I can't stress how helpful the CS50 course has been to me, even on the front end.
  
  

  Read a comprehensive JS book
  

  I really like Nicholas Zakas's book over the definitive guide. I find that he is able to tell more of a story and makes it easier for me to absorb.
  
  

• Professional JavaScript Development
  
• JS the Definitive Guide
  
• Re-read "The Good Parts", this should make much more sense than the first time you read it.
  
  

  Testing
  

  
  Make sure you're comfortable with everything before moving onto testing... this includes frameworks etc.. Learning testing will only slow down the learning process if you're not comfortable with the rest. Mocha is the newer test runner and is better with async. However, Jasmine is very popular and time tested. The "Lets code javascript" below is an awesome course. Don't let the first sections turn you off, they may seem tedious at first (integration server, etc...) so feel to skip to dom/browser testing and then loop back when testing is more normal.
  
  

• http://www.youtube.com/watch?v=eVpXkyN0zOE - Short intro to Jasmine and TDD
  
• https://tutsplus.com/course/javascript-testing-with-jasmine-2/ - Nice n Easy course to Jasmine & TDD
  
• http://www.letscodejavascript.com/ - epic comprehensive JS TDD course from server to browser
  
• 
  
• http://visionmedia.github.io/mocha/ - My favorite runner (with Chai)
  
• http://karma-runner.github.io/ - Test in mult. browsers from the command line (advanced)
  
• https://github.com/rmurphey/js-assessment - test your skills (no pun intended)
  
  

  --
  

  I just started sketching out a website to try and solve this problem. It has different paths to follow to fill in gaps of JS knowledge quickly (much like hackdesign.org)... unfortunately it's not finished yet! Watch LevelUpJS on Github in the future. I also have some more links on app architecture and things like modules but this list is getting a bit large!
  
  Cheers and good luck!
  

A few of my favorite books I reference and recommend. Just a note, many of these are older and can be purchased used for much less. Also if you can afford it, get a Safari subscription. I use my work Safari subscription but this alone has saved me from my book buying habit. Now I only buy "must have" books. :)

Official Ubuntu Server book - I really like this book as the writing style helped me "get it" with Linux. Kyle Rankin has a very good method of showing you the technology and then a quick run down to get the server working, followed by some admin tips. It's a just scratching the surface type of book but it's enough to get you started. I rarely use Ubuntu now, but this book helped me understand DNS and other topics that were IMHO harder to grasp from other books.

As a bonus, this book also has an entire chapter dedicated to troubleshooting. While this sounds obvious, it's a great read as it talks about dividing the problem, how to approach the facts, etc. Stuff a seasoned admin would know but might be hard to explain to a new admin.

The Linux Command Line: A Complete Introduction - You can read this book for free on the site, but having a paper copy is nice. As mentioned, you should have a very solid understanding of the command line. In my experience, I have seen co-workers struggle with basic shell scripting and even understanding how to make a single line for loop. This book covers the basics, moving to shell scripting and I think it's a good solid reference guide as well.

DevOps Troubleshooting: Linux Server Best Practices - This book is referenced a few times here but I'll throw another comment for it. Another book from Kyle Rankin and has the same straight to the point writing style. It's very quick reference and simple enough that you could give this to a new sysadmin and he or she could get started with some of the basic tools. While the book covers a good selection of basic services and tools, it's easy to get deeper into a chapter and find it's only discussing a handful of troubleshooting steps. The idea with this book is it's a quick reference guide, and if you want to get deeper into troubleshooting or performance, take a look at other books on the market. Either way, this is a great book I keep on my desk or reference through Safari.

UNIX and Linux System Administration Handbook (4th Edition) - Another popular book based on the comments here. This is a pretty big book, thin pages, but it's like a small brick of UNIX/Linux knowledge. While it's starting to get dated, it does give a great reference to many topics in the system administration world. The chapters can dive deep into the subject and offer more than enough information to get started but also understand the technology. The e-mail chapter I thought was great as well as the DNS. I think of this book as a overall guide and if I want to know more, I would read a book just on the subject, that's if I need more information. One thing to point out is this book makes use of different OS's so it's filled with references to Solaris, different UNIX versions, etc. Not a problem but just keep in mind the author may be talking about something outside the scope of vanilla Linux.

Shell Scripting: Expert Recipes for Linux, Bash and more - I found this book to be a good extenstion of the Linux Command Line book, but there are many many other Bash/Shell scripting books out there. The author has many of the topics discussed on his site but the book is a good reference for scripting. I can't stress enough how important shell scripting is. While it's good to know a more formal language like Python/Perl/etc, you are almost certain bash will be on the machine you are working on.

Systems Performance: Enterprise and the Cloud - I can't comment on this book beyond the first chapter, I'm still reading it now but it's reading similar to Brendan Gregg's site, and that's a great thing. If you don't know who this guy is, he's one of the top performance guys in the Solaris and now Linux world. He has some great infographics on his site, which I use for reference.

Use method for Linux

Linux Performance

Example of Linux performance monitoring tools

Hope this helps!

Start by trying to understand the CSS and HTML on the sites you like going to. If you haven't already, become familiar with the F12 developer tools each browser provides. You'll want to get comfortable with them all because early on you will want to discover why your pages aren't looking the same in one browser to the next. Using the dev tools in the browser you can actually change the way the page is styled by literally changing the CSS in the developer tools. Or you can add styles as well which is GREAT when modifying your own site so you dont have to go back and republish it each time you make a change. IE's dev tools are actually pretty great. You can also simulate older browsers by changing the document/browser mode in the Emulation tab (this isn't perfect btw, but works well for the most part)

Next start using JSFiddle.net or CodePen.io and try to recreate some elements on a site you like. Do this daily, and do not get frustrated. By using the dev tools you can see how they used CSS to get the style you like, and the surrounding divs/spans/p/etc around it. You can also right click on the page and select "inspect element".

Codecademy is GREAT but one thing it doesn't do well is using real world tools since you are using their environment. You will learn far more by manipulating the dom in F12 or using JSFiddle/CodePen. Plus you can post a page you are working on in JSFiddle/CodePen to a forum like this one for help with what you are working on for a lot better discussion.

Another good site to keep in your toolbox is Can I use. This will help you with understanding which CSS can and can't be used for your specific browser support needs. One example that comes to mind is wanting to use text-shadow which isn't supported in IE9.

Because this is a post in a CSS sub, I'm not sure if you are going down the web developer route, but if you are, then continue reading. Otherwise, feel free to skip to the last paragraph.

Next you will want to move on to the final tool in your front end development toolbox you will want to master and that is JavaScript. Learn straight JavaScript first, and avoid mixing in jQuery until you feel like you have a great understanding of how JS works on its own. I believe the JS tutorial on Codecademy mixes jQuery early on, and if you are just starting out you may not realize the difference. Don't get me wrong, learning jQuery is almost as important as learning JavaScript, it's just important to understand it is a library for JavaScript, and as a framework has its uses and limitations. I really liked the JavaScript tutorial on Code School, so that would be a great place to start. It's not free, but I believe they have a free trial. Otherwise everyone will tell you JavaScript: the Good Parts and Eloquent JavaScript (which is online and free) are required reading.

After that you'll want to learn some of the more popular libraries and frameworks for CSS & JS, such as LESS, Sass, jQuery, AJAX, node.js, backbone.js, and Bootstrap to name a few.

After this, then you'll need to decide if you prefer to lean more to the designer side or the back-end developer side. Front-end developers are usually the bridge between the designer and back-end developer.

In my experience though, you fall in to either being an all-in-one or the designer who does front-end work. Learning designer tools like Illustrator and Photoshop will be helpful if you are asked to or need to create your assets. I actually prefer Fireworks (though I hear it is being discontinued) for creating quick assets I couldn't create with CSS instead of Illustrator because its a little less robust and for someone new its much easier to learn. Otherwise if you are going the back-end route you'll probably want to research which server-side language you want to start with like PHP, Ruby, Python, .NET, etc and then what database such as MySQL, MSSQL, etc.

The best advice I can give you though, is don't be a "master of none" web developer. Become a master at CSS before you move to JavaScript. Then become a master at JavaScript before you move to another language, or whichever language you choose next. When I started out I tried to learn CSS, JavaScript, ASP, PHP, jQuery, C#, AJAX, SQL, and a few others because I wanted to get started quickly...along with pressure from the company I worked at. You will get overwhelmed, burnt out, and start making mistakes, or even worse, not get to the bread and butter of the language you are trying to learn.

That's a good setup you have going on, honestly. If you're looking for more resources, I can think of a few resources to supplement what you're already reading/doing

The Tangled Web - https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

SQL Injection Attacks and Defense - https://www.amazon.com/gp/product/1597494240

Hacking Exposed: Web Application - https://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-Edition/dp/0071740643/

https://pentesterlab.com/bootcamp - At this point, you can probably filter out what's relevant to you or not, this will map out other topics related to what you need to know, and may fill in any gaps you have at this point.

OWASP - https://www.owasp.org/index.php/Main_Page [Borderline vital to web app exploitation, Highly recommend if you haven't explored this site yet]

Now, the books and study materials are nice and all, but the most important thing is practical experience, and I see you've identified that by engaging yourself in DVWA. A few additional hands on labs you could dive into are vulnhubs that target the web (Broken Web Applications Project by OWASP is a must):

https://www.vulnhub.com/?q=Web&sort=date-asc&type=vm

Wargames (Overthewire / Smashthestack):

http://overthewire.org/wargames/natas/

SecurityInnovation (canyouhack.us):

http://canyouhack.us/ - It will start off with web challenges, feel free to stop when it starts getting into binary exploitation. What you've learned up to this point should carry you through the web application portion of this challenge, although some lateral thinking is required, which is also a skill you'll need for the GWAPT.

Google-Gruyere - https://google-gruyere.appspot.com/

Since you stated that you were going through the WAHH book, the labs over at mdsec may be a good investment for you at this point to follow along (although not exactly required if you properly use the resources above)

http://mdsec.net/labs/

https://www.wechall.net/challs - Again, filter out what you need to practice here. Lots of good challenges for multiple different areas of study.

CTF's: Be on the lookout for CTF's on http://ctftime.org and put a focus on the web challenges. These challenges will encourage lateral thinking like the securityinnovation challenge.
http://shell-storm.org/repo/CTF/ is an archive of older CTF's if you're having a hard time finding upcoming CTF's with good web exploitation sections. In my opinion, CSAW is especially good when it comes to web challenges, but check most of them out if you get time.

Another recommendation to you is to develop a decent understanding of how a web application is structured. It becomes easier to visualize how to attack a web application, when you can engineer one. So I will recommend that you learn:

HTML/CSS - don't spend way too much time on this, codecademy should suffice here

Javascript: The source of the client side exploits you will find in the future. Get your feet wet in javascript via codecademy, and progress further.

PHP: Source of the majority of server side exploits you will find (RFI/LFI, SQL Injection, etc). As with javascript, get your feet wet through codecademy, and try to progress further from there.

SQL: Important to know for SQL Injection. PHP is responsible for the implementation that leads to SQL Injection, but you should really know SQL to actually manipulate the DBMS to your needs.

With the web languages I listed, the end goal for you, should be to identify vulnerable source code, as well as being able to intentionally develop vulnerable source code, and fix it.

At this point, you should be relatively comfortable with the concepts covered in the GWAPT, however if not, take a look at the bulletin/syllabus of the actual exam, and individually research each topic.

http://www.giac.org/certification/web-application-penetration-tester-gwapt

Looking at the syllabus for the actual course that maps to GWAPT may provide some insight as well.

https://www.sans.org/course/web-app-penetration-testing-ethical-hacking

Hope I was able to help. Best of luck to you, and if you have any questions, feel free to let me know.

Hey there, I happen to design electronics for construction and ag equipment. Construction and ag companies generally like to use the automotive EMC standards as a baseline so I am familiar with those standards and designing for them (ISO 11452 for radiated/conducted immunity, ISO 10605 for ESD, CISPR 25 for radiated/conducted emissions, ISO 16750 vehicle battery transients, ISO 7637 vehicle transients). I think it's helpful to walk through the required tests and determine what protection you need for each.

For the purposes of this post, I will assume that your "RTD signal conditioning" block consists of some sort of op amp circuitry or similar.

ESD

A suitably sized TVS diode is my go to. I usually choose it based on the data sheet calling out that it meets a particular ESD standard that is comparable to the one I am using. However, for analog lines you need to be careful about leakage current from the TVS diodes causing error in your analog reading. Maybe that's why you have the resistors in series? I haven't seen that before. Overall, set the clamping voltage of the TVS to something higher than your analog signal voltage so that you are guaranteeing an acceptable amount of leakage current from the TVS diodes for your application.

When you lay out your board, you need to put the TVS diodes as close as possible to the connector pins. make connections between the connector pins and the TVS diode pads as wide as possible, up to the width of the pads of the smallest component pad. Do not have any traces routed to your connector pins in between the connector and the TVS diode. You want the easiest path for ESD to go is directly to the TVS and shunted back out onto the cable connection. Any traces that need to be connected to the connector pins should be routed to the TVS pads. This is absolutely critical for passing the packaging and handling ESD test where the unit is unpowered and they hit the connector pins directly with +/-8kV.

Now, one more thing about ESD. You will likely have to pass a test where the unit is powered and ESD (+/-8kV direct, +/-15kV air typically) is applied to your device. Zaps are applied to locations that could touched when the unit is plugged in and powered. So, no TVS is really going to help you here because your connector pins are likely not exposed (since the connector is plugged into something else). The path for ESD to your board is not through the connector and thus you need to protect the board in other ways. This is where you need to either (a) ensure that any zaps applied to your electronics go around them and straight to ground (e.g. a grounded, metal housing) or (b) ensure that you have no exposed metal subject to the ESD test that is within 15-20mm of your electronics (use mechanical design to ensure nothing an be zapped that will be able to jump to your board). Why 15-20mm? Well, the dielectric strength of air is about 1kV/mm. With 15-20mm, you are ensuring that you have at least 15-20kV of isolation between the ESD gun and your board. Consequently, there is no path for ESD in that case. If you can't do that, then you are down to changing materials, adding shields, using "tortured path" mechanical design, or just simply having to deal with ESD on your board and the effects of that (bad!).

Immunity (i.e. protecting against injected noise)

Here you're likely looking protecting against noise at frequency ranges in the 1MHz to possibly 3GHz range. It depends on the company you are designing for usually. However, this is where you usually want to start off with a pi filter (cap - ferrite - cap) right after your TVS diode. A good bet is something like a 0.1uF cap - ferrite - 0.1uF cap. Whatever you do, you want to try and filter in the frequency range where the test will be done. One caveat here is that there are some standards (ISO 11452-4) where there is a bulk current injection test. It's a lot to get into, but generally you need to take special care in passing a BCI test if it is required.

Emissions

You have two circuit defenses against emissions. The first and best is to have ample decoupling and bulk capacitance on your board. Conduction emissions is a result of your board not having enough local charge storage and thus pulling high frequency currents across your power cables. This can also lead to radiated emissions. Two things are critical in providing this local storage. (a) You can't have too many bulk caps. Use many and ensure they are sprinkled about your board so that no IC is more than say 1-5mm away from bulk capacitance. (b) Decoupling caps need to be placed as close as possible to the VCC pins of each IC. 0.1uF is a good starting point. Keep traces very very short. Keep vias to ground and power planes directly off of the side of the cap, as close as possible to each other to keep the loop areas small. The more you do this, the more effective they will be. Multiple vias for each connection to the power and ground planes can be used to increase performance too.

The second circuit defense for emissions is the pi filter from the Immunity section above. That will help filter remaining emissions before it reaches the cables and outside world where emissions are measured. Conducted emissions is typically around 150kHz to 100MHz. Radiated emissions is typically higher, about 200MHz to 3GHz.

Board Layout

This is where EMC performance is made or lost. You need to be a complete stickler about your board layouts. Don't settle for bad practices in layout because they will be the thing that kills your EMC performance. I've mentioned a few layout related things already, but here's a couple more.

• Board stackup - I won't go into too much detail, but more layers = better performance. A 2 layer board is almost guaranteed to fail emissions testing. 4 Layer is a minimum. At my job, we use 6 layers as our standard. Your goal here is to tightly couple the signals to the planes by having small dielectric heights and the proper layer order.
  
• Component placement - Always filter at the periphery of the board. Keep all other components away from the connections to the board (13mm is a good rule of thumb here). Keep components at least 2mm away from the edge of the board. Keep sensitive analog circuits away from digital circuits (note that a digital trace can have return currents up to 50x the dielectric height away from the digital trace. A digital trace routed on an internal layer will reduce this to 3x. You want to ensure those high frequency return currents are not interfering with your analog circuits. Keep separation there but do not break up the ground planes. Thou shalt have one ground plane!
  
• Critical trace routing - Mentioned this above but route fast traces first and keep them away from the analogs. Use internal layers if you can. Never route a trace over a gap in the ground/power plane. Never route a trace over an area without ground/power (i.e. at the edge)
  
• Ground/Power Planes - Pull ground plane back at least 0.5mm from the edge of the board for avoiding manufacturability issues. Now, pull the power plane back another 0.5 to 2mm back from the edge of the ground plane to ensure that stray fields are contained on the board.
  
• Routing with layer transitions - Any time you switch layers and the trace now has a new reference plane, you need to provide a stitching cap or via to allow the return currents to make it to the new reference plane within, say, 1mm of the layer transition. An example of this would be a 4 layer board where a top layer trace goes through a via to the bottom layer. Where that happens, you want to add a decoupling cap (0.1uF) right there between the power and ground planes.
  
  These are the types of things you really want to take care about if you are serious about designing high quality boards for automotive. Henry Ott's book is a great resource that I feel can greatly help explain the above comments in much better detail than I can here.
  
  ​
  
  Good luck! Let me know if you have questions.
  
  ​

The usual advice is "get out and program!" and that works, but it can be very tricky coming up with something to write that's also satisfying. The idea is that you learn best by doing, and that many topics in programming can't really be learned without doing. All that stuff is true and I'm not denying that at all, but some of us need more. We need something juicier than spending hours configuring a UI for a project we couldn't care less about. It shouldn't be an exercise in masochism.

I guess what I'm saying is that there are a lot of ways to learn to write code and books are great if you can really sink your teeth into them (a lot of people can't). Code Complete is a great book on the practice of programming. You also say that you "get" OO pretty well, but it might open your eyes to read up on design patterns (e.g., Head First Design Patterns). You have a long way to go before you really get it

In addition to those, you could delve deeper into your languages of choice. There's no way around JavaScript if you're a web programmer, and a book like JavaScript: The Good Parts is pretty enlightening if you've got some experience in JavaScript already. It's a pretty interesting and unusual language.

But sometimes programming is about building gumption, so instead of just being practical, try to figure out what you like about computers and keep going deeper into it. If you have an interest in computer science and not in just building apps, then something like Structure and Interpretation of Computer Programs could instill in you an enthusiasm for computers that trickles down to everything else you do. If you're more interested in web design, there are probably similarly interesting books on artistic design principles.

I think what I'm ultimately saying is that you should find what you enjoy doing and just go deeper down the rabbit hole, getting your hands dirty when it's appropriate and interesting.

I'm going to go against the grain here with my recommendation. I'm a guy who was in a similar position years ago. I've since transitioned from web development to game programming and have working knowledge of 7+ languages.

Dude, don't sweat these feelings you're having. You're just at a wall. We all reach different kinds of walls in this career and they're really the best thing ever. It means you're about to jump ahead in skill by at least 10x. You just got to find the trigger for it. Be patient and try different things. Go check out Udacity and do some courses on there. Also this is the time to start reading books. Not just any cheap book you find. Good books that will give you the perspective of an industry professional. Books like JavaScript: The Good Parts, Code Complete, The Pragmatic Programmer, or The Little Schemer. Also it doesn't matter what language the books are in to enjoy it. 98% of all programming languages are the same anyways, which you'll soon learn. For the most part, they just have moderately different ways and syntax to do the same thing.

I would recommend not switching platforms from the web. One of the most important skills guys like us can have is seeing where technology is heading and betting on the right horse. It's very clear that webapps are going to be even more important in the future. You can already make desktop apps with web technology naively in pretty much all major OSs now.

I say learn JavaScript front and back. Read JavaScript: The Good Parts and JavaScript: The Definitive Guide cover to cover. Once you learn JavaScript it'll be very easy to transition to any C-based language, which is most of them. In fact I credit JavasScript for giving me the basics to jump to just about any language comfortably and pick it up in a few weeks.

After that, learn a good server side language like Java, Python, or C#. (C# is in very high demand, and has many applications) Or learn all three and you'll be very well positioned career wise. Well, make sure to get some experience with SQL too for good measure.

Also if you want to have a good challenge instead of being bored on those easy things, like drawing shapes, why don't you try Udacity's fine WebGL course? Jumping in the deep end isn't bad as long as you don't expect it to be easy.

Part of me wants to say just do it. The course starts at a beginner level, but bear in mind that most people, myself included spend between 2-4 weeks of the precious lab time doing the course. Unfortunately there is no way to get the course material ahead of time, so factor that in when choosing how much lab time to prepare.

Having said that, I highly recommend reading Georgia Weidman’s book prior as this covers a lot of the same material as the PWK and is a great way to prep for the coursework so some of the ideas presented are not completely new to you

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Depending on your ease with programming, you may want to bone up on some python fundamentals as well. I did about 1/4 of this Udemy course before starting

https://www.udemy.com/the-modern-python3-bootcamp/learn/lecture/7991038#overview

Here’s a great guide from Abatchy on OSCP Prep, although a lot of the stuff he discusses in the guide are covered in the OSCP course

https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html

There is also a YouTuber named IPPSEC that does video walkthroughs for retired Hackthebox machines. some of the machines are very CTF like, so Just watch the OSCP Like ones in this playlist.

https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

Finally, if your willing to shell out some money, 30 days on Virtualhackinglabs.com is a great way to practice. Their course is very OSCP like and a good way to jump right in.

https://www.virtualhackinglabs.com

Of course Hackthebox is always a great resource to practice your pwnage skills.

https://www.hackthebox.eu

Don’t feel like you have to do ALL of this before the OSCP, the list I gave is pretty much every resource outside of the PWK course I used to pass the exam.

If you only did one thing before you start the course, Definitely read Georgia’s book. Everything else can be used in conjunction with the course if you need extra help.


There is also an active discord channel for PWK students, use it!

I’ve been working on this for a while, so I might as well drop it here. It should provide an authoritative answer for “How do I get started in CyberSecurity”

Before I get started, there are a few things I need to explain about cybersecurity - There are a ton of different areas of “CyberSecurity”.

This post is specifically catered around the core concepts of cybersecurity.

The most basic thing you need to understand about cybersecurity: It revolves around stuff communicating with other stuff. Anything from side-channel attacks to large-scale DDoS’ - stuff is insecure because stuff communicates with other stuff. Communication can be hard understand and even harder to define (let alone secure). I know this is a very vague statement, but it’s one of the core, fundamental concepts of cybersecurity.

The second most basic thing about cybersecurity you need to understand - “hacking” (I hate that word) as it’s known is not some bond-villain type activity. It’s intentionally mis-using something that already exists in a way that introduces a security flaw into the environment. Sometimes the right circumstances line up and this flaw can be leveraged into something, but sometimes it can’t.

I split up my resources into offensive-based and defensive-based because it’s important for you to understand that while each of these groups are individually important, each knowledge area is not as effective without the an understanding of the other one.

One other thing to note - Certifications are great, but you need to de-couple the idea that certifications=knowledge/skills in this field. There are certainly certifications that break out of that mold, but for the most part, this holds true. I’ve ordered them in the order in which I used/learned with these resources, so you can follow-along directly in order (if you want to). I learned offense first, so that’s the way I’m laying it out here.


Offensive-Based:


I started my career in InfoSec by studying for the most basic, foundational certification: The Security+. This is the best beginner-level cert that says “I know something about security.”

I learned by going through Professor Messer’s entire course, and I felt pretty ready after I went through it all. Here’s the link to his Sec+ course

Now, lets get into some practical stuff. OverTheWire. These are war-games, or CTF’s - challenges designed to test your practical ability in security, but also designed to help you learn new things. CTF’s are the absolute best way I’ve found to learn security. Here’s the link to OverTheWire in case Google is down. If you get stuck, here are some helpful write-up’s.

Do them in this order:

• Bandit
  
• Leviathan
  
• Natas
  
• Narnia.
  
  At this point, you should be set to start with the books and Hacking Labs.
  
  
• Penetration Testing (Book, Follow-along labs)
  
  
  
• Hacking, the Art of Exploitation (2nd Edition, Book, follow-along labs)
  
  
  At this point, I’d recommend going for another certification - CEH. Once you have the CEH, you’re ready to move into more practical-based certifications. Here's what I used to learn and practice the CEH:
  
  Now, lets get into some more practical exploitation. PentesterLabs focuses a bit more on WebApp stuff, but I’ve found its the best intro-environment (as it is relatively scripted scenarios, and you don’t have to do as much recon). They're fairly explanatory, and will walk you through the solution if you get stuck.
  
  
• PentesterLabs
  
  
  Next, lets get into HackTheBox (Exploitable virtual machines, ranging in difficulty. You’re going in mostly blind here, so you have to do your own recon and enumeration): HackTheBox
  
  Here are some helpful write-ups (Written Explanations):
  
  
• GitHub
  
  
• 0xRick Webiste
  
  Also, there’s some super awesome video explanations by IppSec
  
  
  After you get through most of these, you should be set to start on your OSCP. The OSCP contains a course (Penetration Testing with Kali), a lab environment (~50-60 vulnerable boxes), and a practical lab test at the end. OSCP
  
  After you’ve completed the OSCP, then you have enough knowledge to continue directly down the cert path, and the courses (in combination with the certs) put out by Offensive Security contain enough good content to where you don’t have to study other resources. The certification path from here on out splits into two different areas: Technical, and management.
  
  
• Technical:
  
  • OSCE (OSCP 2, basically)
    
  • OSWE (OSCP but for web exploitation)
    
  • OSEE (OSCP 3, really fucking hard).
    
    If you’re at this point, getting past the OSEE, you can pretty much walk into any offensive-based job, slap you’re cert on the table, and they’ll hire you. You don’t need my help anymore here.
    
    Now, here's the management path:
    
    
• Management:
  
  • CISSP
    
  • PMP
    
  • MBA
    
    Having the technical background of the OSCP, plus a CISSP, PMP, and MBA would create an extremely potent executive - one who can understand the technical details and risk, and who then could translate that into verbiage that other executives could understand.
    
    
    So, you’re overall standard security offensive certification path should look something like:
    
    
• Security+
  
• CEH
  
• OSCP
  
• OSCE
  
• OSWE
  
• OSEE
  
  OR
  
  
• Security+
  
• CEH
  
• OSCP
  
• CISSP
  
• PMP
  
• MBA
  
  Now, for the Defensive-based side.

The jQuery documentation is very, very helpful. Every piece of jQuery has example code and a user comment section to provide extra insight. Don't be afraid to check it out, even if you are an absolute beginner. I actually "learned" how to use jQuery before I learned how plain JavaScript works, so it makes for a good introduction to the language because of how easy it is to use. If you learn by doing, then it's a great place to start.

However, you must have a full understanding of JavaScript to get the most out of jQuery in the long run, so you should definitely look into learning JavaScript without jQuery when you are comfortable enough to do so.

I would recommend the text I used in college for learning JavaScript, but I've since learned that it has a 2-star rating on amazon.com and it is still very expensive. It did a good job of teaching a practical application of JavaScript for beginners, but it has a lot of typos that may trip you up if you do the practice examples, and for the price it really should be perfect. If you can find it for cheap, pick it up.

A cheaper alternative that I have not read is JavaScript Step by Step by Steve Suehring. Much cheaper than a college text and highly recommended. An introduction to getting a grasp on JavaScript is most definitely worth more than the 25 bucks you'll spend.

When you start to feel like you could do some damage (in a good way) with JavaScript, you should definitely check out JavaScript: The Good Parts. It will shed a whole new light on JavaScript and help you realize both how powerful and strange the language is. I don't know if your job duties or passion for programming would lead you this deep into JavaScript, but if your goal is enhancing your career, JavaScript is most definitely the next step in the world of web.

When people ask me what JavaScript is to a web developer, I tell them this: HTML makes up the bones of a website. CSS is the skin. JavaScript is the muscles that makes your website live and breathe. Learning it is essential!

Best of luck!

That's sort of a tricky one, because there are two distinct aspects to learning JavaScript. The first aspect is figuring out how to solve problems using code, and the second aspect is understanding the nuances of JavaScript. (Ideally, the second phase should require much less time, but unfortunately, JavaScript is a bit of a quirky language so even developers who are experienced at solving problems in other languages might need some adjustment time to get used to the unexpected bits).

Regarding the first aspect, I'm unfortunately a little out-of-touch with the JavaScript ecosystem, and am not aware of too many resources that I think do a good job of teaching you how to problem-solve using JavaScript (which, I should emphasize, is different, and probably harder challenge then just teaching you JavaScript).

That said, freecodecamp seems like a potentially good one. If you care only about JavaScript, you're probably going to want to skim through the first bits on HTML and CSS, but the exercises and projects they provide seem pretty damn solid.

Eloquent JavaScript might also be a good one -- the only main problem is that I think it ramps up a little too quickly in places (in particular, the chapters about writing objects). This might be a good "second resource", after you complete a more basic tutorial and have one or two projects under your belt.

Beyond taking courses, the best thing you can do for yourself is just constant practice, whether it's by working on exercises or working on your own personal projects. The only way to get better at problem-solving is via constant practice.

Regarding the second aspect, here are some good resources that I think do a good job of teaching the nuances and tricky bits of JavaScript. I would consider these beginner-intermediate resources -- they might not be entirely appropriate for somebody completely new to programming, but certainly would be useful for somebody who's completed one or two projects and wants a deeper understanding of JavaScript, or for an experienced programmer who hasn't used JavaScript before and needs to ramp up quickly:

• JavaScript: The Good Parts -- it's a pretty small book, and does a good job of giving a very concise and precise definition of what clean JavaScript code looks like.
  
• MDN's JavaScript guide -- this is a no-nonsense set of guides to JavaScript, and has a variety of different tutorials targeted towards different audiences.

Only have a few minutes to elaborate, but I'd recommend familiarizing yourself with the in and outs of the OSI networking stack like you plan to, and also study Operating Systems. A traditional OS class would be nice, but if you can complement that with a forensics class you will be balling.

It's also a good idea to figure out what subfield(s) of security you would like to pursue. Security is becoming so big and technical that it is almost impossible to be an expert in all aspects of security, so try them all and stick with 2-3 that you like - if the subfields complement each other you will make yourself an even stronger professional.

There's a ton of good resources online; if you make it a habit of browsing the links /u/eooe provided, you will learn about a lot more resources that will help. I would recommend the Life of Binaries class on http://opensecuritytraining.info/, and to add to the fun, Practical Malware Analysis by Sikorski is an amazing book on malware analysis that comes with exercises and labs that you can run with a pretty simple VM setup. The book describes how to set that up as well.

Wow, 24 hours and no replies?!

Fine, you know what? FUCK IT!

Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to atleast spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.

But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.

Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.

Your fingers will get sore. Time to put down the picks and start reading:

• Social Engineering - The Art of Human Hacking
  
• Practical LockPicking - A Physical Penetration Tester's Training Guide
  
• No Tech Hacking - A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
  
• Unauthorised Access - Physical Penetration Testing For IT Security Teams
  
• Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques
  
• Metasploit - The Pentration Tester's Guide (OPTIONAL but suggested)
  
• The Basics of Hacking And Penetration Testing - Ethical Hacking and Penetration Testing Made Easy (OPTIONAL but suggested)
  
• Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks (OPTIONAL but suggested)
  
  That reading list right there gives you over 2000 pages to read. Read. Read More.
  
  Tired of Reading? Have you been listening to the Social-Engineer.org Podcasts? 53 quality podcasts right there. Time to catch up!
  
  Tired of listening? Take a break! And by "Take a break" I mean grab your lockpicks, a lock, and start picking while you relax with a Jayson Street video. He's fun to watch, and will hopefully distract you while you try picking a lock. Also, he highlights how you don't have to be a computer-genius to be good at PenTesting. Go watch more of his videos while you pick locks - It's entertaining at least, and informative/educational at best. Now go watch Deviant Ollam's videos if you're done with Jayson Street.
  
  Sounds like a lot? It's not. You'll spend a bit of money getting started with picks, locks, and books. It's the nature of the game, no good way around it. It's time-consuming. You may have to give up playing your favourite games for a while. But the things you learn and skills you develop will pay more than that game did. By the time you're halfway through any one of those books you'll have a much better idea of what questions you want or need to ask in order to progress further and faster every day.
  
  Go to Security Cons. DerbyCon is awesome, and happens in late September, plenty of time to start saving money and making reservations. Talk to people, ask questions, and make connections. You will learn more in those 4 days than some people learn in months or years and you'll have tons of fun.
  
  If you can swing it, attend Deviant Ollam's "Physical Security Skills for Penetration Testers" class. The things you will learn in that class will make it worth every damned penny, and you'll feel like a bad-ass at the end of it.
  
  Is this what you wanted?

Like qaisjp said, do a lot of CTFs.


Cyber security is a vast field with many potential sub-categories you can delve into: software reverse engineering, hardware reverse engineering, pentesting, cryptography, steganography etc. - The list is long.


For more info about ctf's and which ones are hosted:

• https://ctftime.org/ctf-wtf/
  
  
  CTF's are usually separated into different subcategories and many people specialize in a few of them (not necessarily all), so I'd recommend you take a look around and see what you find interesting.
  
  
  Useful sites to visit:
  
  
• https://www.hackthebox.eu/
  
• https://overthewire.org/wargames/
  
• https://ringzer0ctf.com
  
• https://cryptopals.com/
  
• http://ae27ff.meme.tips/
  
• https://ctftime.org
  
• https://nostarch.com/ (very HQ technical books)
  
  
  Reading CTF write-ups is also very useful, taking a look at how challenges are structured and how people solved them will give you insight into different ways of thinking about various problems. Reading a few might be a good idea, and perhaps you fill find a few categories that might be interesting: https://ctftime.org/writeups (Other write-ups may be found just by googling, a lot of blogs and github's out there)
  
  
  Personally, I am very reverse engineering focused so I will mostly be able to help you with resources in that area.
  
  
  RE links to take a look at:
  
  
• https://github.com/wtsxDev/reverse-engineering
  
• http://amzn.to/2jljYqE (Must read book if you want to delve into RE)
  
• https://beginners.re/
  
• https://revers.engineering/applied-reverse-engineering-series/ (a blog my friend made)
  
  
  If you do RE, coding is also vital (people tend to do C++ and/or C together with x86/x64 ASM, the latter which is essential for RE in the first place), but it is not exclusive to RE, coding is crucial in many if not all CTF categories and I think having a start as a programmer is a good way to enter parts of cyber security.
  
  
  There is also a reverse engineering discord, which I think you could benefit from, a lot of information can be found on there about various kinds of reversing:
  
  https://www.reddit.com/r/ReverseEngineering/comments/9n2qcb/join_the_reverse_engineering_discord_active/
  
  
  I think a lot also boils down to reading books, blogs etc. and having good knowledge of how various things work, the links above should be of help, and should lead you to other useful resources as well. You do not necessarily have to switch majors, good computer knowledge is very helpful, and most cyber sec people I know do either compsci, math + compsci, or just math. In the end it just boils to doing things however, and ctf's are a great way to do that.
  
  PS. With reversing you can also delve into game hacking which is super interesting and a lot of people do really funky shit with things like the windows kernel!
  
  If you have any questions about anything, feel free to ask.

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.

Sorry for getting back to this so late, it's been a long week.

1. You will need a good understanding of HTML/CSS, mostly how to manipulate and traverse the DOM tree. Luckily, this is very simple and straightforward once you figure out how the pieces fit together. On top of that, Javascript does a great job of hiding the need to actually write HTML or CSS markup, though you should still understand how it works. The better you understand the pieces of the puzzle, the more interesting and creative graphics and visualizations you can create!
   
   
2. The graphics are very easy to show off, seeing as they live on the web :) There are a ton of ways to host graphics, either on your own website, or on one of the many free online platforms like Github and CodePen.
   
   
3. As far as preserving interaction outside of the web, I do not have any knowledge of how to do that with Javascript (not to say that it doesn't exist).
   
   
4. As far as resources, I highly recommend reading Javascript: The Good Parts to understand how the language is put together, why it was put together that way, and how to take advantage of its unique style. It is a pretty short read. As far as learning visualizations, I learned most of my fundamentals from taking courses on Lynda, and then used good old Stack Overflow to figure out how to create the specific things I wanted to do in my visualizations. Other good sources for video tutorials are Pluralsight and sometimes Youtube.
   
   
5. YES! That is the beautiful part of creating visualizations on the web, you can power them with any web technology. Most of my visualizations retrieve data from some web API and use that to build graphics or show an interactive dashboard, meaning they look different every time I load them up. This gives you a ton of freedom and flexibility to create graphics that are both pretty AND useful. It's very common to hook them up to databases to query and display data.
   
   
6. As far as IDE's, I absolutely love Visual Studio Code if you have a Mac. It is VERY different from regular Visual Studio and has some great features like a built in terminal window, built in git support, a very lightweight directory structure, and a good community for 3rd party add-ons. It was built with Javascript in mind but I now use it for C++ and Python as well. If you run a windows, I use Sublime Text 2 which has many of the same features. If you want something with a bit more out of the box, Atom is a good IDE that lets you view your site as you build it and also deploys a small web server which is useful if you are not running your own.

Cool, well if you're serious, this is a very good book: http://www.amazon.co.uk/PHP-5-Objects-Patterns-Practice/dp/1590593804

It can be a little dense at times, so I'd read it carefully and definitely try out some of the examples as you go along with it.

For me, the whole OOP thing didn't really 'click' until I understood the real usefulness behind interfaces and abstract classes (basically, polymorphism). It's something that I just didn't get, and I'm talking about having been using classes and objects for over a year without understanding why an abstract class would ever be a good thing.

Polymorphism is one of those things that I'd read about before but just couldn't quite "get". It's one of those things that I just didn't click with until I came across a problem in a real world situation that could benefit from it. I had a go with it and suddenly a whole new world opened up.

So here's the problem: I was asked to output csv based reports from our system at work. It was clear from the initial meeting that there would probably be other reports coming in the future, and some of these might be in different formats such as json or even excel.

Here's where some of the key differences between OOP and the traditional (almost always messy and unorganised) PHP mentality really come to shine.

Instead of explaining the underlying theory behind it, let me show you the end result first:

I ended up with a system that could create new reports really easily. As soon as a new report was created, it was INSTANTLY available in csv, json or excel format, and I had an absolute guarantee that adding a new report would not break anything in my existing system.

Here's some typical use cases:

1. Create a daily summary report in csv format:
   
   $report = Library_Factory_FinancialReports::create(Library_Factory_FinancialReports::DAILY_SUMMARY_REPORT);
   $writer = new Financial_Report_Writer_Csv();
   $writer->write($report);
   
   
2. Create the same report in json format:
   
   $report = Library_Factory_FinancialReports::create(Library_Factory_FinancialReports::DAILY_SUMMARY_REPORT);
   $writer = new Financial_Report_Writer_Json();
   $writer->write($report);
   
   
3. Create a monthly financial report in excel format:
   
   $report = Library_Factory_FinancialReports::create(Library_Factory_FinancialReports::MONTHLY_FINANCIAL_REPORT);
   $writer = new Financial_Report_Writer_Excel();
   $writer->write($report);
   
   
   Do you see how easy that is?
   
   This is achieved through polymorphism and abstract classes.
   
   Whenever you want to create a new report, you simply create an object called a 'ReportReader'. This object ALWAYS returns it's final data in a set format, so the writer objects can understand them. They will always be compatible. For this reason, I can write a writer object just once, and so long as it works, it will work with all reader objects, and vice versa. I want to create a new format for my reports? Just create a new writer, and once it's finished, ALL reports will become available in that format. Want to create a new report? Just create a new ReportReader object (this object is what is set to the $report variable above - it's returned by the Library_Factory_FinancialReports::create() factory method), and this report will instantly be available in ALL formats that are available in the system - and even better, it will never touch any existing code (except to add a couple of lines to a switch statement in the Library_Factory_FinancialReports::create() method to return the correct ReportReader object).
   
   I can test each class independently and I can add and remove things with ease.
   
   This is due to polymorphism.
   
   I can explain it a bit further if you want... It basically comes down to thinking about problems in a more abstract way, and then working out a common interface that can be guaranteed between all objects...

Are you a beginner to programming, or have you been programming for a while in other languages and are just getting started with JS?

If you're a beginner to programming altogether, this is a good resource, but I'd also recommend some dead-tree books. I've heard good things about Javascript: The Good Parts, though I've never read it myself.

Edit: One thing to be careful of when you're just getting started, by the way: try not to focus too much on any single language and its features. You want a good solid base of fundamentals, you don't want to hyper-specialize from the start. Don't just learn Javascript, for example. Try Java and Clojure and C and Haskell too, and any other language you can get your hands on. They all have their own idioms and lend to certain styles of problem solving, it's good to be able to figure out which one is best for the task you're facing.

If you've done some coding before, and are branching out into JS as a new language, there's no better way than reading about it and then trying it out on your own. JSFiddle is a great resource for just playing around. You could try implementing solutions to Project Euler puzzles in JS. Or you could pick a pet project you want to work on that has some client-side behavior and implement it in HTML5/JS. Or server-side behavior and do it in node.js. Or you can find an open-source project using JS that you're interested in, and get involved there.

Edit: Also, Stack Overflow has dozens of JS-related questions answered every hour. Sometimes those answers come attached to a lot of useful information. Try browsing there, and if you have questions, ask them. It's a great resource.

So, everyone has different learning styles and there's no completely "best" way to learn something. Here's a couple suggestions on how I'd recommend starting:

• The simplest starting point would be to follow an online tutorial. It's been too long since I learned my first bits of javascript, so I don't remember what I used, but after a bit of looking, this one looks decent: https://javascript.info/ EDIT: Like /u/HothMonster recommended, I've heard good things about CodeAcademy. A friend went their their javascript course and found it useful. Haven't done it myself, but worth a look too.
  
• Are you the type that'd like a book to guide you through? There's one that I read and loved while I was learning: Javascript: The Good Parts. If you google it, there's a PDF in the top few results too, but I have no idea if that's legal or not.
  
  Using tutorials or a book, get a basic start going. Once you have a little bit of HTML/JS knowledge going so that you can make a index.html file and have it load a javascript file that does anything, like log to the console, then you're started. Go through a tutorial/book to get a bit more understanding and then.... build something.
  
  It's hard to choose a topic, but try to find something that you're interested in. Then work on making it. You'll learn an incredible amount by doing it. Don't try to master the language first, just make something with it. Then you can ask specific questions about the parts that you're having trouble with and it will help guide you through it and people will generally be willing to help someone that's working.
  
  Plus, getting help is easier when it's a specific use case that someone can help with vs. "Please teach me everything about this language" because even those of us that have worked with a language for quite a while often don't know all of it. :P

Servers should always be hardened and because everyone likes long guides the National Vulnerability Database actually maintains a lot of information regarding hardening servers. So for the actual server itself can be hardened using the following guide located here. That is for Red Hat Enterprise Linux 5. It will change from distro to distro, but some things are pretty standard. I agree with PalermoJohn as well that learning more about networking will certainly help you in securing your server and network.

For applications running on your web server the link for OWASP Top 10 that Rsaesha posted will help you. If you have more time and would like to learn about Application Security, The Web Application Hacker's Handbook is a great resource to learn a lot about security in Web Applications.

Both application and network level security are required to truly secure your web server.

Cheers!

Depending on the company and organization you're a part of, the SDET role can sometimes be flexible enough to begin blending into DevOps (Infrastructure) or Tooling territory.


I'm an SDET myself and I imagine I'll eventually find my way to a DevOps/SWE/SDE/Infosec type role myself. But in the meantime, I enjoy what I do. A friend of mine was an SDET and was able to demonstrate his SDE-specific skills and land a full time SDE role with a Big 4 company. So definitely possible, just make sure you're strong on coding and algorithmic understanding / problem solving.


I do have some specific feedback to assist with your goals though:


> Some other interests of mine that I don't get to really work with are linux administration, front-end web development, data analyst/sql stuff, and information security.


Some of these can be incorporated into your work depending on your role:

• Front-end web dev: Build out some internal tools to assist with different QA or Test specific tasks (or take existing test tools or scripts) and put them into a React or Angular app. Lets you build out something interesting while still being related to your role and work responsibilities.
  
  
  
• Data Analyst/SQL stuff: Build out some dashboards or other reports to show QA or Test coverage, better aggregate test records over time (how often has this test passed or failed historically, etc). Will provide value to others and help with oversight/insight into test - best to work with potential stakeholders (Managers, Directors) who may be interested in this data after you have a basic proof of concept, see if they can support (or would like) this data.
  
  
  
• Information security: Start reading up on some resources to support your testing of potentially vulnerable systems or web apps that you support (ie, read up on https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 if you test web applications). Obviously this type of testing would be best carried out in a sandbox test environment, to give you better logs and if you discover something impactful it is contained to a test machine you can just rebuild if it breaks.
  
  
  Hope this helps and good luck!

I have recently read this book. I didn't like it at all. Just to give you an idea of my skill level, so you can compare it with where you are at, I've been doing HTML/CSS/Javascript for over a decade. My Javascript skills though have been more script line by line style as opposed to OOP intermediate level stuff. So I bought this book look to increase my Javascript skills.

While the book says its HTML5 with Javascript programming, it doesn't really cover the basics very well for either, even saying you should be familiar with both before reading it. At the same time, it spends half the book, quickly covering the basics, in such little depth, I would struggle to understand who its for.

The second half of the book, just spends one chapter at a time going over the various HTML5 APIs and how to use Javascript with them. For a 600 page book, there is so much fluff here, its unbearable. Its a really poor book. Its not for beginners, but its probably too simple for intermediates.

...

If you need to know HTML/CSS I'd highly recommend http://www.htmlandcssbook.com/

You'll want to install Sublime Text to do your work in it.
You'll want to create a Github account and download the client and learn how to version control.

After you've done the HTML/CSS book. I'd recommend learning about SASS from DevTips https://www.youtube.com/watch?v=1XmUUa_pWw8

You can install CodeKit to make compiling it easier.

...

For Javascript, I recommend "A Smarter Way to Learn Javascript" https://www.amazon.com/Smarter-Way-Learn-JavaScript-technology/dp/1497408180/ref=sr_1_1?ie=UTF8&qid=1473808304&sr=8-1&keywords=a+smarter+way+to+learn+javascript

It's a really good, QUICK, and straight to the point book on beginner Javascript. ~250pages

Then... If you want to round it out, I'd recommend Head First Javascript Programming https://www.amazon.com/Head-First-JavaScript-Programming-Freeman/dp/144934013X/ref=sr_1_1?ie=UTF8&qid=1473808479&sr=8-1&keywords=head+first+javascript+programming. While being full of fluff, as is Head Firsts way, is a much better book than their HTML5/JS one. With a lot of great examples ~600pages

After that, I'd recommend Learning Web App Development https://www.amazon.com/Learning-Web-Development-Semmy-Purewal/dp/1449370195/ref=sr_1_1?ie=UTF8&qid=1473808519&sr=8-1&keywords=learning+web+app+development ~300pages which will start to introduce the full javascript stack to you.

...

I hope that helps mate.

This is kind of a side-answer, but it looks like you are just compiling a list of things that are super popular at the moment.

> React.js with Flux seems more hot than all other frameworks

What concerns me is that you seem to not be concerned with what is the best framework for your project(s), but rather what is "hot".

For a long-term career I would recommend focusing on improving your understanding of concepts and theory that these ever-changing tools are built on rather than trying to chase what people think is cool.

The people who spent time learning JavaScript rather than simply "mastering" jQuery were in a significantly better position when client-side frameworks came out because they knew the underlying concepts.

If you haven't mastered these things yet, I think they have more value than most of the list of specific tools I see listed:

• Eloquent JavaScript & JavaScript: The Good Parts - Master the ins & outs of the language
  
• Understand common design patterns - New frameworks are going to be building with these components, what better way to have a jump on the "next big thing" than by understanding the blocks that it's built with?
  
• Functional Programming - React (and to a lesser extent Angular) are increasingly utilizing this paradigm and it is a jumping off point for more advanced techniques like Reactive Programming that lets you leverage an incredible amount of power especially in the big data space.

I am currently a penetration tester with a small Healthcare penetration company. We perform black box security tests for Hospitals and Health Care organizations.

If you are looking for actual schooling then I suggest looking for a university with a Network Security/Information Assurance Degree. There are not too many with dedicated degrees, but it is becoming a much more popular field.

Most importantly go get some literature on the subject. Although reading can not take the place of actual experience, most books these days are designed to go along side of hands on experience or provide information if you wish to "further refine your skills".

If you are new to security I would suggest "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy" By Patrick Engebretson. It is a great entry level book designed to introduce you to the concepts of penetration testing.

If you want to get down and dirty quickly "
Metasploit: The Penetration Tester's Guide" By David Kennedy is another great book though a bit more technical then the last.

These are only a few of many great books. If you want to become a good penetration tester, taste the fundamentals and then pick a focus to get good at. There are few jacks of all trades in Penetration testing.

Okay so there are a couple of good places to start with malware. The first is Malware Analyst's Cookbook. It is a pretty decent beginner level resource.

From there, Practical Malware Analysis is excellent and goes a lot deeper.

For free resources I've heard good things about Dr. Fu's Malware Analysis Tutorials.

You will need to have a strong understanding of reverse engineering. I like Practical Reverse Engineering or Reverse Engineering for Beginners. The latter is free.

With RE comes assembly. I learned from the free book PC Assembly Language. The RE books should have some info on assembly as well.

You should also know the systems programming API and OS internals for whatever OS you're interested in. This is most likely Windows, so I recommend Windows System Programming and Windows Internals. You can find similar books for Linux and macOS too. Having a good understanding of C and C++ is helpful for this. Also get comfortable using your assembly level debugger on your OS of choice. WinDBG, x64dbg, and OllyDBG are all good on Windows. GDB is pretty much the default on Linux, and LLDB on macOS.

I also highly recommend some scripting language, whether it's Python, Ruby, Powershell or whatever for hacking up your own tools.

Lastly, there is a list on GitHub with a ton of helpful links.

I think that's enough for now.

As far as demand it's hard to say and probably depends a lot on where you're from. It's certainly not like the demand for webdevs but there's also not nearly as many people with the skillset. I'm not a malware analyst myself, I'm more focused on security research and embedded development.

I know those skills are especially high in demand around the Washington, DC area with defense contractors and government agencies. Especially if you can get a security clearance. Most other security firms I know of are always looking for good people with strong reversing and OS internals knowledge.

Let me know if you have any questions and I will try to answer.

HTML and CSS are pretty simple, I would spend almost no time reading about them (Unless this is for some sort of job interview) for the most part you will just be googling "How to I make round borders" until you can do it by rote memorization.

JS, on the other hand, is a tricky beast. I would spend a majority of my time learning not just how to write javascript, but how to write good javascript.

javascript the good parts and Javascript garden is where I would start out learning. Javascript is easy to write, but hard to write well. You need to follow strong conventions otherwise your code will end up looking like spaghetti right quick and in a hurry. If you start playing around with the language, I would suggest using JSLint to make sure you aren't doing anything stupid.

After getting a good strong base in javascript jquery shouldn't be too hard. It is just a javascript library. perusing through the docs and getting a feeling for what it can do is probably all you really need. Just like any library you've used. You didn't learn all of the .Net framework, rather you would google and lookup specifics as you needed them. That is much the way you are likely to use jQuery. It can do a lot and you don't need to know everything it can do to use it effectively.

In short, javascript is where the traps are. The other things you mentioned are "I'm going to google this anyways" so I wouldn't really spend a large amount of time learning them.

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.
   
   
2. Architecture and Computer basics:
   Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
   Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
   
   
3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".
   
   
4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".
   
   
5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".
   
   
6. Specialized fields such as Cryptology and Malware Analysis.
   
   
   Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
   
   *edited a name out
   
   
   
   
   
   

Three esxi servers, each with more than one NIC, and one separate vcenter server is a great starting point. This allows you to tune DRS, HA, and even fault tolerance. Once you get that down, you'll want to be able to tune VMs properly to run most effectively in a virtual environment.

I enjoyed reading these books, though some are "dated" now, the contents are still very relevant. They won't get you anywhere in particular by themselves, but when you combine them with the self-teaching nature of sysadmins I've previously described, these will generously add to your toolset.

HA and DRS deepdive
Sed & Awk

Mastering Regular Expressions. I use rubular.com often.

Pro Puppet

Anything by Bruce Schneier is usually worth your time.

Though I no longer administer a large number of Windows machines, I am a huge fan of Mark Minasi. The Server 2003 book was super helpful in building and maintaining Windows Domains.

I have an old edition of the DNS and Bind book kicking around somewhere.

Understanding the Linux Kernel has largely been useful to me when doing anything "close to the kernel". Not a good beginner's book.

I've never used an apache book, but I enjoyed the Varnish book. This definitely helped me.

Of course, these books don't cover everything, and those listed are relevant to my interests so your mileage may vary. You'll never go wrong teaching yourself new skills though!

EDIT: I forgot about the latest book I've read. I used tmux for a little over a year before purchasing a book on it, and it has improved my use of the program.

Not tutorials, but I highly recommend the following JavaScript books:

JavaScript The Definitive Guide (6th Edition, Flanagan)

http://www.amazon.com/JavaScript-Definitive-Guide-Activate-Guides/dp/0596805527/ref=sr_1_1?s=books&ie=UTF8&qid=1310948024&sr=1-1

Pro JavaScript Design Patterns (Harmes/Diaz)

http://www.amazon.com/JavaScript-Design-Patterns-Recipes-Problem-Solution/dp/159059908X/ref=sr_1_1?ie=UTF8&s=books&qid=1310948075&sr=1-1

JavaScript Patterns (Stefanov)

http://www.amazon.com/JavaScript-Patterns-Stoyan-Stefanov/dp/0596806752/ref=sr_1_1?s=books&ie=UTF8&qid=1310948115&sr=1-1

Object-Oriented JavaScript (Stefanov)

http://www.amazon.com/Object-Oriented-JavaScript-high-quality-applications-libraries/dp/1847194141/ref=sr_1_1?s=books&ie=UTF8&qid=1310948145&sr=1-1

Most people swing from Douglas Crockford's nuts and recommend JavaScript: The Good Parts (http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1?s=books&ie=UTF8&qid=1310948183&sr=1-1).

I received a free copy while at Yahoo in 2008 and honestly, I didn't find this book that good of a read. I felt it was definitely geared more towards those with formal CS backgrounds. Keep in mind, I definitely need to re-read it (to see if I feel the same way), but I read it a couple times back in '08 and tossed it on the shelf. The books I mentioned above I've read several times as well and can only say buy them. I'm on my 2nd read of Flanagan's book now.

jQuery in Action is a decent book, but the copy I have is for 1.3, I think. I think I have the first edition and it looks like there is a second.

http://www.amazon.com/jQuery-Action-Second-Bear-Bibeault/dp/1935182323/ref=sr_1_1?s=books&ie=UTF8&qid=1310948303&sr=1-1

jQuery Reference Guide 1.4 is also good, but it's for 1.4 and jQuery is at 1.6 now so it's tough for the books to keep up! I think it's pretty much the online/official reference guide as well

http://www.amazon.com/jQuery-Reference-Guide-Jonathan-Chaffer/dp/1849510040/ref=sr_1_2?s=books&ie=UTF8&qid=1310948347&sr=1-2

Geez, man. Thanks for making me feel old! :P

This subredding is actually a good resource to keep up on what's new. Twitter is another one if you follow the right people. Paul Irish, Addy Osmani, John Resig and a few others.

In terms of training, pluralsight is a GREAT resource. It's not free, but you can get an introductory offer and the low end monthly plan is $30 which isn't too bad. They have courses on web dev and programming by some of the best people in the industry. It's a great way to learn. http://pluralsight.com/training

Online learning:

• Codecademy
  
• Code School This is a paid site. But they have a few free coures. (Their free rails course is REALLY good).
  
  A few books you should read:
  
  
• JavaScript: The Good Parts
  
• Effective JavaScript
  
• Clean Code
  
  Podcasts:
  
  
• JavaScript Jabber
  
• Ruby Rogues
  
  Make sure you learn Git and the Chrome Dev Tools. Code School has a great course on it
  http://www.codeschool.com/courses/discover-devtools
  
  I'm sure I'm missing stuff, but this should be enough to get the ball rolling. Enjoy!
  

> My only problem is I wonder how we will increase the amount of bitcoiners in the network.

By spreading the message on Facebook, Twitter, Youtube, schools, ...
By being an example that bitcoin works and that it has benefits. It's not easy to persuade other people because people don't like changes but there's no other way. People need to see that bitcoin is good for them and that they want to use bitcoin.

Best example is Andreas Antonopoulos. He wants to spread the message. He travels around the globe to give speeches about bitcoin, wrote two books about bitcoin. Has huge amount of videos on Youtube (channel). Has great knowledge of bitcoin, other cryptocurrencies, computers. Has IT diploma. He is from Greece so he knows what it's like to see that government steals money from people.

Great analogy bitcoin vs. automobile by Andreas: Car wasn't accepted when it was invented because people thought horses were better. That it would never work because there weren't enough gas stations to support cars and not enough people would have cars to warrant new gas stations being built. There weren't roads for cars, they had to prove themselves on dirt paths designed for horses which lead to them getting stuck. But as popularity grew roads were designed for cars. Not only were the roads great for cars but they were backwards compatible for horses.

Isn't that analogy same as email vs. letters?

History repeats itself. Bitcoin is still new, it's like the internet in the first years. When the internet was a new thing, only a few people imagined that people all over the world will comunicate with each other...

I recommend this video of Andres: The Death of Money | London Real and I think the book The Internet of Money should be good read.

I don't recommend people like Roger Ver and Charlie Shrem. They may look like good guys of bitcoin but not anymore.

I was in your position, so I can tell you there's not a lot out there that walks a software person through radio and even less that walks a software person through ham radio. I'll share some key things that helped me:

1. The RTL-SDR book is pretty good. They don't explain a lot, but the projects are OK and give you a direction to work in and show what's possible.
   
   
2. You can get an amateur radio book, but be prepared to have to make some connections yourself. Like, they talk a lot about modes. Amateur radio "modes" are basically what you and I would call protocols: An agreement to transmit and receive using certain conventions. The ham radio sources are almost 100% directed at explaining new ham things to people who are already in the hobby, not explaining things to outsiders--it's really frustrating.
   
   
3. You can understand a lot with some pretty simple mental models. Radio stations (large and small), sometimes they transmit analog sometimes digital, etc. However, if you want to understand settings like "FFT size" or "LNA" and why you can only see a certain amount of bandwidth or if you want to build your own application from scratch, you need to dig into the mathematics of digital signal processing (DSP). My favorite free resources for that are:
   
   a. GreatScottGadgets shortish overview of some basic concepts from an SDR perspective
   
   b. A really neat website that introduces many fundamental DSP concepts
   
   c. A free book that explains DSP in detail step by step
   
   

I agree with what the others have said.

However, I'll give you some more direction and encouragement. I'm sort of in a similar position as you (except I'm a senior, and have a few years experience working with systems and networking) who is also looking at Security-focused internships.

The CompTIA certificates are okay, especially as a beginner, but they don't hold much weight. They're great for laying down foundational knowledge, and maybe helping you get an interview, but beyond that, they won't do much else.

If I were in your position, I would put my study time into getting the OSCP (Offensive Security Certified Professional). This thing is intimidating. It's one of the harder certificates to get in the industry, and the main reason for that is the exam is a rigorous 24 hour pentest. The payoff is worth it though; the OSCP has an overwhelmingly positive reputation in the industry (don't take my word for it, read up on other's opinions of it). This certificate doesn't expire, and it's something that can help you in your career further down the road (unlike the CompTIA certs). The biggest reason I'm mentioning it is because you can start as a total noob and still pass the exam (all you need is a basic understanding of networking and somewhat familiarity with linux) - be prepared to spend 300-400 hours in a lab environment until you get to that point, though. Start out with the Georgia Weidman book to see it it interests you, if so, go for it and don't look back. Even if you apply to non-offensive/blue team security positions, the OSCP will still put you and your resume near the top of the stack.

As your interest progresses in the Security industry, know that it's essential to have a thorough understanding of systems and networking - and how everything connects to each other.

Best of luck!

IIRC, if there are multiple equally specific best matches you'll get a compiler error, and will have to disambiguate by making the call as you would with a normal static method. There are potentially issues if you recompile your code and the libraries you use have since added better-matching but functionaly incompatible extension methods, but I don't think there's any real solution to this, and it's unlikely to be a problem with well-designed libraries.

You're certainly correct that extension methods should be defined very carefully and sparingly. The ever-valuable Framework Design Guidelines has a number of recommendations, the first of which is to avoid "frivolously" defining extension methods.

A good IDE such as Visual Studio can tell you that Select is an extension method, which does help to some extent. Also, I suspect the vast majority of uses of extension mathods are through implementations of the LINQ patterns, in which case it's pretty clear from the usage.

Although extension methods can be used to extend existing sealed classes or as cute helpers, or for adding "instance" methods to interfaces, their primary use is for LINQ. It's fascinating how several C# 3.0 & 2.0 features that are individually quite interesting - extension methods, lambdas, type inferencing, iterators, generics, object initializers - combine with the LINQ-to-objects library to form something that's greater than the sum of the parts.

And that's not even getting into fascinating things like expression trees, the AsParallel() extension method, LINQ-to-SQL, the Rx framework...

My short answer to these questions is get my book! It's a book for people who are new to Unity but already know how to program. That sounds like a perfect fit for you; you don't necessarily need to know C# before reading my book (you'll pick it up from the examples) but my book doesn't spend time explaining programming basics like what a variable is, etc.


That out of the way, to address each question separately:

> First of all, in regards to learning C# for use with Unity, how should I go about learning C#?

I would just dive into tutorials about Unity. Learning programming before looking at Unity makes sense to me, but as for the specific language, well, you'll pick up syntax as you follow along.

> Second, does Unity have some way to develop user interfaces with HTML, CSS and JS?

Not really. I did once see a library to parse HTML within Unity, but I haven't heard anything about that in years. Unity has a decent UI system built-in so I'd recommend learning that.

> Third, does Unity have any extensions or plugins to make it so you can use Lua rather than C#? Probably not but I figured it was worth asking considering I'm good with Lua.

Not that I know of. It really won't be much of a challenge for you to pickup C# if you're already good at programming in a different language.

> Last but not least, does Unity support custom shaders? Also, what are some good resources to learn how to do shader programming?

Yes it does. My book doesn't go over shader programming, but Makin' Stuff Look Good is a good video series for this, and Alan Zucconi writes text tutorials about shader programming in Unity.

I'm just two months into my first real job for programming and have a few books I've been going through.

Clean Code is a book not just about writing code, but good code that is easily maintained and passed down to other people to understand.

Working Effectively with Legacy Code was a great read coming into company that has been around for 20 years and is on the third iteration of their product.

I am doing web development so You don't know JS, Javascript: the good parts and then Javascript The Definitive Guide have all been a great help.

If you aren't much a book person, Pluralsight.com is awesome for info on tons of different technologies and is well worth the monthly cost. Go follow every major name in your preferred technologies on twitter. They will tweet all sorts of cool things to learn about. Also, PODCASTS!!!. I don't even listen to music anymore. If I'm in the car alone I'll be listening to Dot Net Rocks or Javascript Jabber.

Lastly, there are subreddits for every tech imaginable. Go subscribe to them and hit everyone up for where they get all their info!

Sure thing! I don't do a whole lot of Malware RE, but where I started was with the book:

• Practical Malware Analysis - It gives a good start to understanding how to work on dissecting Malware and gives a nice set of hands on practice.
  
  Of course, knowing assembly is very valuable for Malware Analysis as well, so it would be useful to still know most, if not all, of the stuff I listed in the other comment.
  
  Other good places to start would be:
  
  
• RPISEC - Intro to Malware
  
• Malware Unicorn RE 101
  
• Malware Unicorn RE 102
  
• Some Recommended Tools/Books
  
• Malware Analyst's Cookbook
  
• MalwareBytes Encryption 101
  
• This Random list of 'Awesome Malware stuff'
  
  Definitely would start with the book, Practical Malware Analysis and get your feet wet a little bit. Then browse through the other stuff or if you're a visual person, watch some videos on youtube of how other people dissect Malware, just so you can see the bigger picture.
  
  Hope that helps!

There are a ton of books, but i guess the main question is: what are you interested in? Concepts or examples? Because many strong conceptual books are using examples from java, c++ and other languages, very few of them use php as example. If you have the ability to comprehend other languages, then:

http://www.amazon.com/Design-Patterns-Elements-Reusable-Object-Oriented/dp/0201633612/ref=sr_1_1?ie=UTF8&qid=1322476598&sr=8-1 definetly a must read. Beware not to memorize it, it is more like a dictionary. It should be pretty easy to read, a little harder to comprehend and you need to work with the patterns presented in that book.

http://www.amazon.com/PHP-5-Objects-Patterns-Practice/dp/1590593804 - has already been mentioned, is related directly to the above mentioned one, so should be easier to grasp.

http://www.amazon.com/Patterns-Enterprise-Application-Architecture-Martin/dp/0321127420/ref=sr_1_1?ie=UTF8&qid=1322476712&sr=8-1 - one of the most amazing books i have read some time ago. Needs alot of time and good prior knowledge.

http://www.amazon.com/Refactoring-Improving-Design-Existing-Code/dp/0201485672/ref=sr_1_4?ie=UTF8&qid=1322476712&sr=8-4 - another interesting read, unfortunatelly i cannot give details because i haven't had the time to read it all.

Good news is that you've got the educational creds to have a solid foundation for a future career. Now it's time to build the background or at least skillset to prove that you're dedicated to the field. An internship is helpful but you're going to need a lot more than helpdesk. I'd focus on finding a small consulting firm or getting in with IT at a company but treading carefully to not take on a title that states 'help desk.'

Showing that you have raw talent is the most important. Demonstrating skills such as learning python or spinning up your own secure server in Softlayer, AWS, or another provider is a massive resume booster and it shows you mean business. I'm not saying that you should sink a bunch of cash, but figure out a small server that you can use, secure, and play around with it over a period of a few months. There's a wealth of information you can pull from just 'doing' without having direct work experience.

Help desk can be a trap, so avoid that and go the networking route or sys-admin path by learning Unix. Help desk seldom leads to better roles in that it's catered to keep you trapped in tier 1 - 2 IT hell. Take it from me as someone who learned quickly that it's a dead end if you want to progress your career.

Hope this comment helps. In an attempt to help you find some good resources I'll post a few below.

Start to Python
https://learnpythonthehardway.org/book/

Secure AWS:
https://benchmarks.cisecurity.org/tools2/amazon/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.0.0.pdf

Helped me get my CCNA:
Read up on GNS3 LAB, it's not supported by Cisco so I wont officially endorse, however you can Google and learn about this on your own.

https://www.freeccnaworkbook.com/

http://www.9tut.com/ - study before your test.

KB for general security. There's a lot out there but this is an easy start.
https://www.cybrary.it/

For learning application security, you'll need to know burp. I'd take a look at this link, and then see if you like what you're reading, do the right thing and go buy this from Amazon if you continue down this path.

https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf

If you learn BURP or Python, you should own this book:
https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

Well firstly, language is a big choice right now. If you're looking to make a financially fulfilling career in a young company or on your own, I'd recommend learning javascript to later use node.js, and learning ruby. Personally, I'm a node.js developer, so I would recommend moving toward the JS world and using really cool things like socket.io and mongoDB. Ruby is a fantastic language overall. It's a bit slow, but it does a great job regardless, and tons of really cool startups use it. At the moment, I would say that these are the two most profitable paths to take in web development.

http://codeacademy.com is a fantastic place to start. It does a great job at teaching the fundamentals of programming. If I recall correctly, the javascript courses take you from the absolute basics to building some kind of useful application, such as a calculator or todo list.

Once you've made your way through the tutorials at codeacademy, move on to http://codeschool.com. Their tutorials are a bit more advanced, and leave you with a real application and real knowledge on how to take an idea and turn it into a real product. For node magic after you've moved through Codeschool, check out http://nodeschool.io/

Here are a few books I would recommend

JAVASCRIPT

• Javascript: The Good Parts
  
• Node.js in Action
  
  RUBY
  
  
• Why's Poignant Guide to Ruby
  
• Ruby on Rails Tutorial

Some more learning tools:

• Tuts+ has a number of great coding video tutorials, many of them free. Definitely worth a look.
  
  
• If you like the code-as-you-go kind, check out Code School. It's $30us a month but the courses are more in depth than codecademy.
  
  
• Book wise, Eloquent JavaScript is a good place to start (and its a free download!).
  
  
• Id also recommend JavaScript Enlightenment for advanced beginners, and JavaScript the Good Parts for those with a bit more experience.
  
  
• Another good beginner book is JavaScript & jQuery by Jon Duckett, it's got a great design and is much more illustrative than traditional books.
  
  edited to add links; formatting

I'm going to be brutally honest here, and I'm probably going to get down-voted, but I'm not impressed with the underlying code for the project. I don't even know where to begin.

You're obviously passionate about Javascript, but runtime engines and best practices have changed dramatically in the last few years. Some things that stick out could easily be chocked up to coding style or preference, but when those preferences aren't well-adjusted to current-day standards, it leads to a perpetuation of those bad practices and hinders the growth and evolution of web development overall.

I'm posting this here, instead of on Github, because these aren't quite bug reports. I'd be more than happy to contribute though.

1. Syntax and readability are more important than shortcuts.
   
   Cutting corners in the interest of character count is useless. It's better to be able to read the code than to have to interpret it line-by-line.
   
   For hinting, I recommend JSHint. It'll be nicer than JSLint, but it'll still likely hurt your feelings.
   
   Here are some JSHint errors/warnings that popped up:
   
   > The body of a for in should be wrapped in an if statement to filter unwanted properties from the prototype.
   
   > Expected an identifier and instead saw 'arguments' (a reserved word).
   
   > Expected a 'break' statement before 'case'.
   
   A lot of syntax errors can be solved by linting or hinting, and following a style guide. Here's Google's Javascript Style Guide. You'll find that most projects on Github follow the same code conventions, and for very good reason. When you make your code consistent and readable, other developers will be more likely to like you and contribute to your projects.
   
   
2. Read Douglas Crockford's Javascript: The Good Parts and Nicholas Zakas' Maintainable Javascript.
   
   
3. Use an AMD-style, modular system like Require.js or Yahoo Module Pattern because Global variables are evil. The basic idea behind a modular system is that every piece of functionality is broken down to its basic form, and no less. It helps to keep things organized. Even if you choose not to use a framework, following a trusted organizational pattern is a good idea. Consistency is key.
   
   
4. Check out Backbone.js or Underscore for data manipulation.
   
   I really like the project, but the code is unwieldy and confusing.

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

>At first I searched for a good guide for an average programmer, I found the [1] MDN JS Guide which is good, but I think not very good: At first I wasn't sure what is part of the language itself and what is only available at the HTML-DOM (they use a lot alert-dialogs - JS hasn't a Standard Library like Python or Java, has it?).

They use a lot of alert because it's the easiest possibility to show something for starters, you can however of course use console.log, console.warn and error. For the HTML DOM thing, well c'mon - at least try that examples in your console, will you? Just press [F12] or google for how to open the JS console for your browser.


>Is there a "JS Bible"? I know there is the tutorial for python ([2] click me) and as well there is the book/bible/reference for C (from dennis ritchie) and C++ (from Stroustrup). Does something like that exists for JS?

JavaScript: The Good Parts by Douglas Crockford


>Second Question: For my purposes, it is worth to use a Framework like jQuery? I'm using it right now, but I think it's not a big deal to code everything without using an 3rd-party framework.

I like to be able to swim, before I learn to drive a boat - and you? :)
Anyways, that depends - if you do this for clients, use jQuery, it's tested, on multiple browser, sure it has bugs, and plug ins should be reviewed by you before being used. jQuery helps to code less though, and has plenty of beginner questions already answered - just use it.

> Last Question: Atm I'm using Django as webframework and i'm very happy with it. But it looks like Node.js got lots of attention in the last couple of month, is mature enough to use it for real world problems?

It's "mature" enough yeah, but use what you need - not what is all the rage right now.

JS is hard, especially for people new to programming. Basically, JS as we know it today is an evolution of a browser hack that only recently became a seriously useful language. The syntax is terrible, math and numbers don't make any sense, the regex system isn't super robust, oh and it's not really an OOP language. Technically, it is multi-paradigm and includes some oop-like things and classes are on the way to browsers, but it's for naught anyway, because you don't need classes in JS - It's a prototypical inheritance based language.

If you're new to programming in general, I'd say you should start with a more sane environment, like Python. It will teach you programming concepts while railroading you into making good coding decisions. It's really common for people to start with Learn Python the Hard Way - don't. Go to /r/learnpython and search "LPTHW 31" and just count up the people struggling with it. Zed Shaw is an idiot, there are better things to read, I'd recommend watching the google IO talks, get a buddy to learn with. Honestly, I've never read a python book cover to cover, but I feel pretty comfortable with the language from just googling "How do I do X in Python" millions of times, usually if a link comes back to docs.python.org, I click that one first. The docs are wonderful, you don't need a book.

But, since JS is one of the most important languages due to it's integration with the most common form of media distribution in our time, I'd recommend reading / watching talks by Douglas Crockford. Check out Javascript: The Definitive Guide and Javascript: The Good Parts. The second one is a little easier to digest, while the first is really the definitive guide.

In both cases, I'd recommend doing the challenges on hackerrank.com.

> Ps; anyone know of a good recommendation on how to start on web apps on the labs. Looking for a good book or resource.

The OSCP web app portion is good, but if you're like me you might benefit from some supplemental materials. Not necessarily specific to the course, but I found these resources really helpful for working on my web app skills

• Metasploitable2 has Damn Vulnerable Web App and Mutillidae. and a couple other web components. Takes common vulns from easy mode to hard.
  
• Google Gruyere more exploitable web app with a guide. Good info
  
• Pentester Lab exercises Web for Pentester I and Web for Pentester II are great and thorough.
  
• Web Application Hacker's Handbook web app hacking BIBLE.
  
• OWASP Testing Guide industry web app testing standard
  
  Hope that helps! :)

Well, you could obviously pay someone to create it for you. If Wordpress or other off the shelf CMS software doesn't cut it, then you're likely rolling your own solution.

I would recommend learning. Here's how to do it:

• Get a good development environment. I love Webstorm for general web work - great code completion, and makes a lot of things easy. For Rails, I would recommend RubyMine. Those guys at JetBrains make some really kickass software, let me tell you.
  
  
• Learn the basics of web development, and the roles of each technology involved. Use HTML to create templates for your pages, use your server-side backend to accept and provide content, use CSS to make it pretty, and JavaScript to make it dynamic.
  
  
• Understand the difference between and limitations of client-side and server-side code, and use each appropriately.
  
  
• Learn the tools. Pick a real technology stack and learn it, whether that be Ruby on Rails, LAMP, whatever you like. Doesn't matter - this is all about learning. Using jQuery will make your JavaScript life much easier, and try out SASS if you're feeling frisky.
  
  
• Don't expect a good-looking, reliable site on your first try - it's going to take a lot of effort.
  
  GET BOOKS. Books are the best programming resources around, believe it or not:
  
  
• The Pragmatic Programmer - The de facto programming best practices guide.
  
• Javascript, the Good Parts - How to JavaScript, by JS guru Douglas Crockford. Not really a beginner book, but a great reference once you get a handle on JS.
  
• Ruby on Rails 3 - Learn Rails by Example - This looked like a really nice beginner level intro to general web development and Rails.

But for the love of God, please, please, learn JavaScript itself to a good standard before even touching jQuery.

Even though jQuery makes writing web apps a lot easier and saves you a lot of development time, it is still a JavaScript library and as such, if you don't have a good grasp of JavaScript, you're going to be writing jQuery code that may well work correctly, but you're not going to have any idea why it works correctly and as such, debugging and writing advanced jQuery code is going to be a nightmare.

I appreciate that you might not want to spend any money on learning JavaScript, but if you're really interested in the language and want to know it well (and you already have a solid foundation in programming), then I highly recommend getting JavaScript: The Good Parts and reading through that. It's short (176 pages), you can read it in an afternoon (though the first time round, some of the stuff might go over your head), and although it may be very opinionated, most of what Crockford says is pure gold and at the end of it you will have a thorough understanding of how JavaScript works and how you can write good JavaScript, which will aid you tremendously when you start using libraries such as jQuery.

Apologies for my rantiness, it's just that JavaScript is seen as a 'toy' language by many, a simple language that people can just jump in and use without learning it first, as evidenced by people suggesting diving straight into jQuery, which is a reputation that I think is undeserved. JavaScript may not be the prettiest of languages, but it's here to stay, and if you learn to use it properly, you'll find that beneath the design mistakes lies a simple and beautiful programming language that just wants to be loved.

I can't possibly recommend Douglas Crockford's Javascript: The Good Parts enough. It's a quick read; I read through it in an afternoon. I've been doing professional node development for three years now, and I still reference The Good Parts.

Similar to what /u/AlexanderC89 said, there are high-level architectural and pattern differences between javascript and PHP. The key concepts, off the top of my head, that are most important to understand are:

• Prototypal (js) vs Classical (php, c/c++) inheritance
  
• Functions as first-class objects (and lambda functions)
  
• Asynchronous/event-driven I/O model
  
• Block scope (php, c) vs Function scope (and closures)
  
• Variable hoisting
  
• "==" vs. "===" and "falsy" values
  
  You can probably find good descriptions of all of these somewhere on the web, but I'd just as soon recommend reading The Good Parts. I'm not affiliated with Crockford or anything at all like that, quite simply just that The Good Parts is really that helpful.
  
  Honestly, I wouldn't sweat promises until you have a strong grasp of the callback model. They're important and very useful, no doubt. Its just that I've tried to introduce promises to a few colleagues whose understanding of the async callback model wasn't the strongest, and it really tripped them up. Once the callback model clicked for them, promises were a snap to pick up. YMMV.
  
  I can throw together some quick examples and descriptions for you, if you find that sort of thing helpful.
  
  (edit: formatting)

Preface - you have missed years of development in an area (web client front end coding). It's advancing so fast the rest of us can barely keep up. I'm serious - seems like every day there's something new that would take me multiple days to learn well.

See the "Web Development Timeline"





Moving beyond the standard HTML5/CSS3 stuff, I spent part of my evening compiling this list. It's incomplete and some stuff is opinion. WMMV. If you were helped, well, buy me a beer someday :-)

• JS got real popular. Catch up on the current terminology used.
  
• ECMAScript/ES5 language extensions
  
• ES6 ("Harmony") extensions - coming soon; some already here. The current working draft of ES6 as PDF
  
• Exhaustive list of Micro-libraries
  
• HTML5 shims, ES6 shims, Lazy loaders (require.js), Modernizr... It's overwhelming, please see Daily JS for an exhaustive roundup of libraries/frameworks as they are released.
  
• Underscore.js for functional programming niceties
  
• The myriad client-side MVC frameworks - (Backbone.js, Ember.js, Spine.js, etc.)
  
• Stratospheric rise in the goodness of webkit. See Peter Beverloo's blog for weekly reports of WebKit new features added.
  
• Douglas Crockford's JavaScript: The Good Parts was a huge hit - this always comes up in interviews.
  
• IE9 and IE10. IE9 did border-radius, SVG, and added a faster JS engine. IE10 (only for Windows 8) adds CSS gradients, 2D/3D(?) transforms, CSS transitions (and animations now I'm told?)
  
• Opera is now on versions 11 and 12 - and it still rocks. Here's what's new in the development snapshots from their blog. I'm a fan since long ago, it's nice to see them continue to remain competitive with the 'larger' browsers.
  
• Firefox is now on versions 12 through 14.
  
• Chrome is now on versions 18 through 20.
  
• JSLint is now integrated in some editors (I love it in notepad++) and JSLint begat JSHint, which is sold as "kinder, gentler"
  
• Web Workers (aka JS threads)
  
• Web Sockets API
  
• WebGL See the 3-D dynamic terrain/bird demo - awesome!
  
• Death of Ajaxian.com rule, takeover by Daily JS and BadAssJS (IMHO)
  
• Inline images expressed in data/uris which are base64 coded) eg: IMG SRC="data:image/gif;base64,EEEEEEBASE64JUMBLE" online image encoder
  
• LESS and Sass - better CSS with variables, macro expansion, etc.
  
• calc() in CSS3 Really new - chrome nightlies and firefox supports. If you remember way back when, IE 5.5/6.0 had a similar but poor performing feature called CSS expressions
  
• INPUT TYPE="COLOR" and "DATE" should now work well, and have in-browser helpers for selection.
  
• CSS3 display:flex-box
  
• CSS Gradients/Animations/Transitions see this slidedeck/demo
  
• CSS3 Shaders/Filters. Shaders are really really new (as in: last week) as far as implentation in a browser. I'm psyched about creating some vertex shaders (.vs files) for effects.
  
• Local Data Stores (4k cookie - bah!)
  
• Mobile browser coding: events for swiping screen, etc. see jQuery Mobile, Sencha touch.
  
• Node.js based on Chrome's V8 JS interpreter (I know; you know...)
  
• Coffeescript (I know you know, I included for completeness) The JS to Coffeescript is also interesting.
  
• DART. Google's JS-like language for those who like classical Java/C++ oop style - they even have a version of Chromium for Mac which has DART native. Else it transpiles to JS, like Coffeescript does.
  
  
  
  If you didn't click on any links above, well, for shame. There's some good important stuff up there. Below are a couple websites that I think are must-sees, as far as demos of the recent html5/css3/bleeding edge, and news/informational blogs I read daily or weekly... Most were listed above!
  
  
• CSS3 Click Chart
  
• HTML5 Rocks!
  
• Learning threejs/tQuery (WebGL)
  
• Bad Ass JS
  
  
• W3C's blog on CSS
  
• Daily JS - - news on libraries and node, mainly
  
• Steve Souder's blog on high performance web sites. He wrote a couple books too that are very good.
  
• Peter Beverloo's blog discussed what's new in this week's WebKit/Chromium builds.
  
  
  
  
  
  
  Stuff I didn't include, and am going to leave as an exercise to the reader:
  
  
• Vibration API (for tablets, phones)
  
• Battery status API
  
• CSS3 image-set (download different quality/resolutions depending on capabilities)
  
• Video element stuff - Hollywood's next blockbusters may be edited over the web.
  
• Speech API - see Peter Beverloo's blog and W3C...
  
• Audio - there's some full on audio mixers and synthesizers out there now
  
• Web Inspector in Chrome
  

Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. Its an older book (2005) but its about as gentle as it gets in terms of the core concepts but its missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. Its a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.

Practical Reverse Engineering - This one is a newer book (2014) while it doesn't cover as many topics as the above book, its less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.

Practical Malware Analysis - While this one has more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, its from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.

Practical Binary Analysis - This is the newest book of the list (December 2018). It wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and its modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.

Edit: s/.ca/.com/g

> After all if javascript is a language like PHP and built into the web browser it should be exactly the same everywhere. Shouldn't it?

Python, IronPython, Jython and Stackless Python are all different implementations of the same "Python" language, yet they're all subtly different. g++ and Visual C++ are two different of the same "C++" language, and yet they're both subtly to completely different in the subsets of the language they're able to handle, and the way they implement it.

So no, there is no reason that it should "be exactly the same everywhere" because there is no single Javascript implementation for everyone to use. And yet it does manage to be mostly the same everywhere...

> Standards don't apply

They actually do, "Javascript" itself, as a standard, is mostly well implemented across browsers (the only quirk I could list being the whole Date.getYear fuckup). The area where various implementations start differing is the DOM, which is not Javascript-the-language but Client-side-javascript-platform.

> Mochakit

MochiKit, please.

And it's not really a framework, much more of a javascript library.

> Rest assured Mozilla will soon create its own framework or library and make things "better"

Why the hell would they do that when they can improve the language itself (as far as they're concerned)? See Javascript 1.6, Javascript 1.7, Javascript 2.0

> Hard to find good books and documentation

Only when you don't know where to look.

Beginner? HowToCreate's JS Tutorial (http://www.howtocreate.co.uk/tutorials/javascript/important) is one of the best resource to get up-to-speed with the basics

Beginner or designer? Go for Jeremy Keith's "DOM Scripting" (http://www.amazon.com/DOM-Scripting-Design-JavaScript-Document/dp/1590595335/ref=pd_bxgy_b_img_b/102-8282999-1322522?ie=UTF8), clear book, not too advanced or clean javascript but more than enough to get things done.

Want some more? PPK's "PPK on Javascript" (http://www.amazon.com/ppk-JavaScript-1-Peter-Paul-Koch/dp/0321423305/sr=8-1/qid=1161173272/ref=pd_bbs_sr_1/104-4964908-7079955?ie=UTF8) is reliable AND practical, plus PPK's WebSite, QuirksMode (http://www.quirksmode.org/) is one of the most practical "advanced javascript" resources one can find, especially on the DOM issues. Could've been more advanced, but PPK wanted it to be an intermediate-level book, not a guru-level one.

You want to know everything there is to know about JS, or are a language lawyer? Javascript: The Definitive Guide 5th Edition (http://www.amazon.com/gp/product/0596101996/ref=pd_cp_b_title/102-8282999-1322522?ie=UTF8) is the ultimate Javascript book & reference. Everything you may need from scoping rules to interfaces to SVG and E4X is in there.

> The community is your only hope

Only a subset of the community is really useful, and most of it already has blogs. Most of the community, on the other hand, is completely and utterly clueless.

Above all, what one must realize to work with javascript is that javascript is not a "sub-language", a "toy" or a "scripting language", it's a full-fledged, dynamically weakly typed programming language.

And it's not java.

My advice? Enjoy your summer. It's one of the last times in your life that you'll genuinely have very little to no responsibilities. The field of CS is very much about learning on your own as an autodidact, so if for some reason you're getting bored doing teenage girl things there are plenty of resources out there to learn CS topics from.

I would focus on these rather than a formal, guided summer program because in your CS career you're likely not going to have the opportunity to have a guided internship every time you need to learn something new. Not to mention you're going to have a hard time finding an internship as a prefrosh since even freshmen/sophomores are looked over in favor of more experienced candidates. Some of these sites I've listed below offer certificates of completion, especially the MOOC-type courses, if for some reason you need vindication of your efforts. Lynda I believe offers their entire collection free through many local libraries. If your local library doesn't have a relationship, try other libraries in other counties or parts of your state.

Other than that, do your best to absorb as much programming knowledge as you can as it will be immensely helpful in your studies. As you learn, try to learn what really interests you in the field of CS (cybersecurity, machine learning, AI, robotics, data science/databases, or maybe you just turn out to really, really like coding) so you can make it a specialty. The field of CS pays enormous dividends when you specialize into things. It's these types of niche consultants that can demand $100-200/hr and get handsomely rewarded.

Oh, and think about subscribing to these subreddits, you might find them useful:

/r/cscareerquestions
/r/learnprogramming
/r/netsecstudents
/r/sysadmin
/r/ITCareerQuestions

If you enjoy programming:

• Codecademy
  
• Cybrary
  
• Lynda
  
• Udemy
  
• Pluralsight
  
• SoloLearn
  
• theodinproject.com
  
• Udacity
  
• https://www.edx.org/course/introduction-computer-science-harvardx-cs50x
  
• https://education.github.com/pack
  
  If you enjoy cybersecurity:
  
  
• CTFtime.org
  
• pentesterlab.com/bootcamp
  
• OverTheWire.org/wargames/
  
• io.netgarage.org
  
• pwnable.kr
  
• www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
  
• https://code.google.com/archive/p/pentest-bookmarks/wikis/BookmarksList.wiki
  
• http://www.amanhardikar.com/mindmaps/Practice.html
  
• https://www.bonkersabouttech.com/security/40-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392
  
  If you're interested in IT certifications:
  
  
• CompTIA A+, Network+, Security+, Linux+
  
• Cisco CCNA
  
• Microsoft MCSA

Excellent questions! If you are a CS grad you are ahead of the game. However, it all depends on what you want to do. I suggested learning programming/CS principles for two reasons:

1. The more you understand how computers, code, compliers, software, stacks, memory randomization, CPU protection rings, and the such work the better you are at hacking. You can find novel ways to get into systems and exploit them, etc.
   
   
2. You can write basic tools on the fly. It is amazing the tools you can create with a few lines of code when you have access to nothing but a GCC compiler in a *nix environment.
   
   If you want to find zero day exploits, yes learn how low level languages work. It would be very helpful in that case.
   
   Otherwise, Learn python (or whatever is popular at the time) to write your own exploit tools....or to modify existing ones.
   
   
   If you want to be apart of a red team learning lower level languages could make you a better exploiter. However, IMO, I would start with just learning the basics of hacking.
   
   
   These two books are old but they are absolute standards for anyone starting off:
   
   https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_awdb_t1_GYIACb1Z2YXFA
   
   And:
   
   https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_awdb_t1_zZIACbMH0WTMP
   
   
   Also, learn as much as you can on how windows/Linux/virtual machines (and containers) work. The more you know about how an OS works the easier it is to exploit.
   
   Learn to exploit, there are a ton of free sites to help you learn:
   
   http://overthewire.org/wargames/
   
   
   https://www.cybrary.it
   
   
   
   www.vulnhub.com
   
   
   http://google-gruyere.appspot.com
   
   
   
   Learn CTF challenges:
   
   https://ctflearn.com
   
   
   When you are able to hack take part in real challenges:
   
   
   https://ctf365.com
   
   
   Then start your career with a RESPECTED CERT, OSCP:
   
   
   https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
   
   The OSCP is no joke and it is a timed, 24 hour cert test. Yes, you read that right, 24 hours.
   
   Unless you want a government gig stay away from C|EH, it is a joke cert in the community. Again, unless you need to work for a gov agency
   
   
   
   Finally, and I cannot stress this enough.....LEARN CLOUD COMPUTING!!! It is here to stay and on-prem systems are dying a slow death. It will change how you exploit systems and how software is engineered/deployed.
   
   

A year ago, I probably would have said C/C++ with SDL, or maybe SFML, or maybe even Pygame. Flash would have been an option, but you can't develop for flash on Linux (without jumping through hoops). But this is almost 2012, and there is a very real and very interesting alternative to the "traditional" routes: HTML5 games.

But dude, javascript sucks, right? Not really. Read Javascript: The Good Parts. Javascript is misunderstood and perhaps a little strange, but it doesn't suck. And modern Javascript engines are very fast, it's no longer a second-rate scripting language.

But dude, only people with bleeding edge beta browsers can use it, right? Not really. A year ago maybe, but anyone with a recent version of Firefox, Chrome or IE can play your game. Some people might need to upgrade, but they probably need to upgrade anyway.

But dude, the only other dude to recommend HTML5 was downvoted. So what? It's still an emerging platform but it's ready to be used now, whether the other developers realize it or not.

But dude, none of the browser-based games I play are HTML5, is this for real? Yes, it is! Like I said, it's an emerging platform, but they're out there. Just look at Onslaught Arena or Can't Turn it Off (which, as a bonus, was made with a WYSIWYG game creation program).

So really, HTML5 is probably the best and easiest cross-platform choice for small games out there. The problem with almost all the other suggestions is distribution. Either it's difficult to distribute (it will involve people downloading exe files, bundling Python and Pygame, etc) or it runs on Flash (which sucks, let's be honest). HTML5 is just... there. Who doesn't have a web browser?

Edit: I was looking for this link earlier, the results of a Mozilla Labs competition. Really awesome HTML5 games here.

I'd suggest you should pursue software development as a career path. Once you're working full time as a developer it will be much easier for you to move into a .NET role if you choose.

The career market can be hit or miss. There are plenty of jobs using those technologies but they're less ubiquitous than say Node or Java.

In terms of keeping up your skill, Pluralsight has some amazing content. And I'd recommend these books:

Design Patterns in C# - probably the first book I'd read.

CLR via C# - In-depth, targeted at professional developers, and absolutely crucial for anyone doing it professionally.

Agile Principles, Patterns, and Practices in C# - Will help get ready to work on a professional software development team with a slant towards Cc#.

Pragmatic Unit Testing in C# with NUnit - Also important for working as a professional C# developer.

More Effective C# - Is more of a specialist read. Might be helpful after you've worked for a year or two.

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries - Is better suited for a technical lead or architect. But could be useful to keep in your back pocket.

Senior Security Engineer

Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.

How Do I Apply

Send me an email with your resume and GitHub at kh@datadoghq.com

What you will do

• Perform code and design reviews, contribute code that improves security throughout Datadog's products
  
• Eliminate bug classes
  
• Educate your fellow engineers about security in code and infrastructure
  
• Monitor production applications for anomalous activity
  
• Prioritize and track application security issues across the company
  
• Help improve our security policies and processes
  
  Who you should be
  
  
• You have significant experience with network and application security
  
• You can navigate the whole stack in pursuit of potential security issues
  
• You want to work in a fast, high growth startup environment
  
  Bonus points
  
  
• You contribute to security projects
  
• You're comfortable with python, go and javascript. (You won't find any PHP or Java here :D)
  
• CTF experience (I recommend you play with OpenToAll if you don't have any)
  
• Program analysis knowledge
  
  Sample interview questions
  
  
• Flip to a page of WAHH, TAOSSA, CryptoPals, ask you about it.
  
• Explain these acronyms DEP/ASLR/GS/CFI/AFL/ASAN/LLVM/ROP/BROP/COOP/RAP/ECB/CBC/CTR/HPKP/SSL/DNS/IP/HTTP/HMAC/GCM/Z3/SMT/SHA/CSRF/SQLi/DDoS/MAC/DAC/BREACH/CRIME?
  
• How would you implement TCP using UDP sockets?
  
• How do you safely store a password? (Hint: scrypt/bcrypt/pbkdf2)
  
• How does Let'sEncrypt work?
  
  Hat tip to Levi at SquareSpace, also on this thread, he is an awesome person to work with. David Wong, a crypto king of NCC, on this very Q4 thread, is also a great person to work with in Chicago.
  If you're looking to break stuff more than build stuff hat tip to Chris Rohlf's Yahoo! team.
  Random other places you can apply in nyc: MongoDB, Jane Street, 2 sigma, greenhouse.
  
  
  I personally applied because I love Python but I like the company a lot so far.

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

Hi James!

One of the best books for a novice web developer/designer (and not just novice, for anyone who wants to get up to speed with the newest editions of HTML and CSS) in my opinion is the "Learning Web Design" by Jennifer Robbins. The 5th edition was published in May last year, so it's pretty recent. You won't be learning any outdated stuff from this book.

The book is quite big, with around 800 pages, but the author is really great. She explains everything you need to know and she explains it really good. Throughout the book you'll be building an example web site by doing a lot of exercises.

The book starts with an explanation of how Internet works in general. It doesn't go too deep into this topic, just enough for a beginner. You'll then learn HTML, and after that CSS. There are two chapters on JavaScript, but it covers only bare essentials. You'll need another book(s) for JavaScript, though. The one I would recommend is Head First JavaScript Programming, which somebody already recommended it, too.

The Head First HTML and CSS and HTML and CSS: Design and Build Websites (also already recommended by other users here) are also great, but they are a little bit old now, as they are from 2011. Not that you won't learn anything from them. You could read these two, and then the book by Jennifer Robbins, so you get better familiarity with HTML 5 and CSS 3.

I few years ago my youngest brother got his first IT job, and he fell right into an admin role. He too is very sharp. I bought him the following books as a gift to get him started...

The Practice of System and Network Administration, SecondEdition - a few years old but has lots of fundamentals in there, still well worth reading. Hoping for a third edition someday.

Tom Limoncelli's Time Management for System Administrators

I see others have recommended this great book, and I wholehartedly agree: UNIX and Linux System Adminstration, 4th Edition. I was sad when Evi's ship was lost at sea last year. :-( You could tell she loved sailing old wooden ships... just look at the cover. A great loss; she did so much for our community.

Additionally, I will second or third anyone recommending works by Brendan Gregg. I got the Kindle version of Brendan's Systems Performance: Enterprise and the Cloud. I really like this book. It was written to be a good foundational book for the next several years. I am planning to get a hard copy version too. While you're at it, check out these links...

Brendan Gregg:
http://www.brendangregg.com/
http://www.brendangregg.com/linuxperf.html
https://github.com/brendangregg/perf-tools
http://lwn.net/Articles/608497/
http://www.brendangregg.com/USEmethod/use-linux.html

Tom Limoncelli:
http://everythingsysadmin.com/

Introduce him not only to books, but online resources and communities like /r/linuxadmin :-)

Cheers!

Personally, I find I learn best from books but only for two narrow facets: theory and reference.

The books everybody recommends are:

• Eloquent JavaScript - http://eloquentjavascript.net/
  
• JavaScript: The Good Parts - https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
  
  That first one can be read online.
  
  Once you get past the how do I write code basic literacy stuff and really want to step up into architecture you might want to get a little bit of Lisp and Scheme. The fundamental concept to learn in this language is scope. In my experience computer science grads tend to learn things like C++ and Java or C# and work really hard to get really good at OOP. Those techniques of inheritance aren't quite so helpful in this language if you never learn this language's scope model. If you fall in love with the scope model you might find you don't need the OOP/inheritance stuff.
  
  When you are ready to interact with the web here is a quick guide I wrote to teach DOM access: http://prettydiff.com/guide/unrelated_dom.xhtml Could you let me know where this guide fails you so that I can improve it for other people?

I realize this is an old post, but I figured I would add my two cents in:

If you have no Linux Knowledge, I would recommend these two books:
http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951

http://www.amazon.com/Introduction-Linux-Manual-Student-Edition/dp/0072226943/ref=pd_bxgy_b_text_y

I would also recommend getting a book on windows server:
http://www.amazon.com/Mastering-Microsoft-Windows-Server-2008/dp/0470532866

After going over those you should have a fundamental understanding of Unix/Linux

Then I would recommend this if you need to brush up on your basic networking knowlege:

http://www.amazon.com/CompTIA-Network-Deluxe-Recommended-Courseware/dp/111813754X/ref=sr_1_1?s=books&ie=UTF8&qid=1369292584&sr=1-1&keywords=network+%2B+delux+guide

Some security theory wouldn't hurt: I'd recommend these in no particular order:

http://www.amazon.com/The-Basics-Information-Security-Understanding/dp/1597496537/ref=pd_rhf_se_s_cp_7_FHWA

http://www.amazon.com/gp/product/1597496154/ref=s9_simh_se_p14_d0_i6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=auto-no-results-center-1&pf_rd_r=6289C56ED33B4C108B60&pf_rd_t=301&pf_rd_p=1263465782&pf_rd_i=itia2300

And now we actually start getting into penetration testing:

http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_rhf_se_s_cp_3_FHWA

http://www.amazon.com/The-Basics-Digital-Forensics-Getting/dp/1597496618/ref=pd_rhf_se_s_cp_6_FHWA

http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=pd_rhf_se_s_cp_8_FHWA

http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_rhf_se_s_cp_10_FHWA



Full disclosure: I have used all these books in my studies. I am not affiliated in any way with these authors, this also isn't something you can just "master" in 24 hours; you may however learn a few cool tricks early. My advice would be to keep at it, not only read these books, but setup Virtual environments to test these concepts in.

Those books I listed should give you a fundamental understanding of: Linux, Windows server, Networking, Information security theory, computer forensics, and basic penetration testing.

I would also recommend you take up a scripting language, Python is pretty simple to learn if you haven't already, and insanely powerful in the right hands.

Oh, one thing I forgot. NEVER EVER EVER run Kali linux as your primary distribution, setup a duel-boot and use something like Debian as your "casual" computer, and then souly use Kali or backtrack as your "Network security distro"

Ninja edited by myself

Sure, though I've also read people in your position are better at building apps with JS if they're new to it because things like PHP are completely different in how you start growing an app (classical vs prototypal inheritance) not to mention that if you also do PHP instead of just straight JS you're getting used to and learning 2 languages that are completely different in how you code. In either case you're right you have to learn JS anyway, here are the best resources after codeacademy basics stuff:

JavaScript: The Definitive Guide: Activate Your Web Pages (Definitive Guides):

http://www.amazon.com/JavaScript-Definitive-Guide-Activate-Guides/dp/0596805527/

JavaScript: The Good Parts:

http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/

Programming JavaScript Applications: Robust Web Architecture with Node, HTML5, and Modern JS Libraries:

http://www.amazon.com/Programming-JavaScript-Applications-Architecture-Libraries/dp/1491950293/

A cool talk from last year of the Fluent conference (and the author of that last book) explaining how different something like PHP and JavaScript are and why JS doesn't deserve the bad rap it used to get (He's a pretty cool guy from Adobe and I got to talk to him last week about all of these things we're talking about right now and where web development is heading, and why JS as a single language for the web can work even better):

http://www.youtube.com/watch?v=lKCCZTUx0sI

This was a really cool overview on JS today, and you get to see Unreal Tournament and the Unreal 4 engine run in a web browser:

http://www.youtube.com/watch?v=aZqhRICne_M

First, make sure that you've built some complex apps in vanilla JS, and have faced some sort of issue of scale (ie. problems that came up because your app has a lot of code). Maybe your code is really long and difficult to organize. Maybe you end up repeating the same code in a lot of places. Etc.

That way when you try a framework, you'll have some idea why it does what it does, and what problem it's trying to solve.

As far as specific libraries, I'd try these in this order:

• Lodash (or equivalently, Underscore). This is a really useful utility library, and can be used regardless of what fremework you're using.
  
• Backbone is the most barebones and vesatile of the popular frameworks, and is meant to be used in conjunction with jQuery (which you already know) and Lodash (which you will have learned). Backbone will give you a good sense for what MVC is.
  
• React is a level of abstraction above Backbone, and offers 2-way binding and component-level separation in addition to MVC (more acurately, MVVM). I'd encourage you to use it with Browserify, which lets you use NodeJS's syntax for injecting code, but in the browser.
  
• Angular is more opinionated than React, and introduces high level concepts like dependency injection.
  
• Optionally, also try out Meteor (which introduces full stack, 4-way binding), Ember (a super opinionated framework, most similar to Angular), and Polymer (a very future-facing framework, most similar to React).
  
  For general education, here are a few books I recommended in another thread:
  
  Design patterns:
  
  
• http://addyosmani.com/resources/essentialjsdesignpatterns/book/#designpatternsjavascript
  
• https://leanpub.com/javascript-allonge/read
  
• https://leanpub.com/javascript-spessore/read
  
  The JavaScript language:
  
  
• http://www.amazon.com/Effective-JavaScript-Specific-Software-Development/dp/0321812182
  
• http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
  
  Hope that helps, and good luck!

As a pentester you would typically need to follow a methodology of some sort. Here is a well known one http://www.pentest-standard.org/index.php/Main_Page

Typically you would first enumerate all open tcp/udp ports using a port scanner such as nmap. Then you would analyze ports one by one to see if they contain any vulnerabilities. If it’s a service running an outdated version of a particular software you would look up exploit-db and see if there is a corresponding exploit. Then tweak it to give you reverse shell to your IP address in metasploit or netcat. If it’s a web service you would use web methodology such as the one from here https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/ to look for web vulnerabilities in the web application and attempt to gain a shell that way. After you get a shell you might be highest privileged user or you might need to escalate your privileges. If you are regular user you look for ways to escalate your privileges depending on operating system you are logged in to. Get hackthebox vip account because this will give you access to retired vms and especially windows.

The OSCP certification is pretty much is doing combination of the steps described above on multiple machines. There is a book which goes over this methodology as well https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Here is a great resource that many people use as a resource to study for OSCP as well https://xapax.gitbooks.io/security/content/
And if you search for oscp survival guide you can get additional resource to reference. Also rtfm is a good reference book as well.

Edit: here’s a good guide on using methodology with template you can import https://411hall.github.io/OSCP-Preparation/

I can code HTML5 and CSS3 pretty well, honestly it's really easy for me now. - Once you get the hang of them look at a couple of frameworks - I have used Bootstrap and Skeleton and putting them on a resume is an easy +1.

The biggest thing that has helped with Javascript for me is game development, it's really fun and you have to have a decent understanding of javascript to make a playable game, it also gives you an opportunity to work on a bigger project. (thousands of lines of code) So you can get a better idea of how the overall layout mechanics of Javascript work. - So I would recommend making some simple games using just HTML5 canvas and vanilla Javascript with no libraries.

Books I would Recommend --

1. http://www.amazon.co.uk/HTML-CSS-Design-Build-Sites/dp/1118008189
   
   
2. http://www.amazon.co.uk/JavaScript-JQuery-Interactive-Front-end-Development/dp/1118531647
   
   
   
3. http://www.amazon.co.uk/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
   
   Youtube Channels
   
   
4. learn.codeAcademy - for Jquery, Modern tools professionals use
   
5. PHPacademy - for PHP, and some other stuff
   
6. DevTips
   
7. Jesse Warden - ( this guy has a GREAT javascript series, I would start with that for Javascript)
   
   

You need to understand there are a couple of ways to do Java web development.

• Servlets & JSPs. - Check out Core Servlets and JavaServer Pages or the Java EE Tutorial. Note that I link to an older EE tutorial because the newer versions try to switch to JSF and not much changed in Servlets and JSPs between Java EE 5 and 6. I recommend learning Servlets and JSPs before anything else.
  
• JSF - A frameworks that is layered on top of Servlets and JSPs. Works well for some tasks like making highly form centric business web apps. Most of the JSF 2 books are okay. JSF is covered in the Java EE 6 Tutorial
  
• Spring - Spring is actually a bunch of things. You'd want to learn Spring MVC. If you learn any server-side Java web tech besides Servlets and JSPs you'd probably want to learn Spring MVC. I wouldn't bother with GWT or any other server-side Java web tech.
  
• JAX-RS - After you get Servlets and JSPs down, this is the most essential thing for you to learn. More and more you don't use server-side Java (Servlets & JSPs) to generate your clients HTML and instead you use client-side JavaScript to make AJAX calls to a Java backend via HTTP/JSON. You'll probably spend more time with JavaScript:The Good Parts and JavaScript: The Definitive Guide than anything else. Also the JAX-RS api isn't that hard but designing a good RESTful api can be so be on the lookout for language agnostic REST books.
  
  Definitely learn Hibernate. You can start with the JPA material in the Java EE tutorial.
  
  As for design patterns, Design Patterns: Elements of Reusable Object-Oriented Software is a classic. I also like Patterns of Enterprise Application Architecture for more of an enterprise system pattern view of things. Probably avoid most J2EE pattern books. Most of the Java EE patterns come about because of deficiencies of the J2EE/JavaEE platform. As each new version of Java EE comes out you see that the patterns that have arisen become part for the platform. For example you don't create a lot of database DAOs because JPA/Hibernate handles your database integration layer. You also don't write a lot of service locators now because of CDI. So books like CoreJ2EE Patterns can interesting but if you are learning a modern Java web stack you'll be amazed at how archaic things used to be if you look at old J2EE pattern books.
  
  p.s. Don't buy anything that says J2EE, it'll be seven years out of date.
  

Hi Pandas_sniff! (love the name) I’m a firm advocate of the Web Application Hacker’s Handbook. I think if you look at the reviews for version 2 i’m probably one of the featured ones. It really is all encompassing for most of what application security testing should start out as. It does suffer from being a textual reference though (a snapshot in time), so I also commonly recommend learning from the OWASP Testing Guide v4 as it has frequent wiki-like updates. I could spend all day talking about resources for learners! There are some excellent (free) videos by Jeremy Druin on using Burp Suite and application testing, I absolutely love Pentesterlab.com and all of their exercises, and Sam has written a very good guide on getting started in bounty work

As for how effective these resources are “out of the gate” i think they are tremendously helpful. For example, using the above resources i’m sure any apt student of them could identify IDOR’s or basic injections. Over time these skills become second nature and free up the tester to focus on newer, cutting-edge hacks/technology. Hope that answers the question =)

I may be a bit too harsh, I admit. I'm a jaded tech douche. But consider this....

>This is the worlds most advanced ethical hacking course with 18 of the most current security domains any ethical hacker will ever want to know when they are planning to beef up the information security posture of their organization.

>In short, you walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification!

This is directly from their website. I feel like they make some pretty bold claims there. My instructor was, overall, a pretty solid guy. But my qualms were with the 3rd-party training facility, (my employer had made me do this as OSCP wasn't recognized by the client I was working with), as well as the material. I felt that EC misled people taking the course by what skills they would gain and that it also misleads others by what cert holders are capable of.

But I think we get off of topic - I would suggest that a better book for someone is this.

Maybe v9 is very different. I had several EC Certs as I was once subject to the DoD 8570. But I let them expire as I have several issues with EC Council. One of which being you need 120 CPEs annually. Taking another one of their certifications, gives you a full 120. But discovering a vulnerability is only 5 CPEs. (What?!)

Certs will always be more reputable in the IT Sec field then a degree (up until you want to get into a management position, then the MS would be worth it) but after your BS go directly for certs.

If you want to get into Web App Pen Testing then I suggest you pickup the basics of networking, how Packets work, how they are transmitted across the internet. OSI Model, HTTP POST, GET, PUSH, DELETE , how Switches and Routers work as well as how backed server functions on Linux such as Ngix, Apache, how does PHP work.

From that you basically need to learn SQL, HTML, PHP, JavaScript, Python (or Ruby) and some C along with basics of Assembly if you want to learn how to make Exploits.

I suggest you pick up the Web Hackers Handbook. It's a great start to learning how to hack websites.

Also learn the OWASP Top 10.

Take in some knowledge on Metasploit Since it goes over basics of using the tool. Also learn how to use Burp Suite since it's going to be your tool of choice for testing websites, and Nmap as well, since it will be your scanner for checking other domains of the website, etc, etc.

Start practicing at home. Build a small lab with Kali installed on a VM.

You can practice hacking the Damn Vulnerable Web App

Check out VulnHub for more resources on vulnerable VMs to practice hacking.

And also follow Pentest Lab Bootcamp to learn the basics of web app hacking as well. I highly suggest you follow this outline as it will teach you the basics of Web App Hacking and will also provide you with VM's to practice SQL Injection, XSS, CSRF, etc.

As for certificates, since you are doing Web App Pen Testing don't go with the CCNA or CCNA Security, since those are mainly associated with Network Security. You need to understand how networks work, yes, but you don't need to have a deep end knowledge of it.

I suggest you go for Security+ since it will teach you security basics and securing firewalls, routers, switches, etc. After that pursue the OSCP and OWSE from Offensive Security as they are highly regarded in the Pen Testing field.

You might need to also take the CISSP since some companies will require you, but by then you should be able to work for a firm and get the CISSP over time.

Hope this helps, cheers!

A lot of what has been suggested is great for learning linux. Realize that "out there" very little is served out of a single box (and if it is you're doin it wrong). Production infrastructure likely looks and acts very very differently from your home linux workstation. Just because you know how to type sudo apt-get install apache2 does not mean you are ready for a full ops position... BUT - if you put in the wrench time and pay your dues, you will get there.

Here are some areas that would be good to build your knoweldgebase up in...

• First and foremost - you must build the ability to learn how to figure things out and build an intuition of what to inspect should something not be working. This comes from having a working knowledge of many different systems in a large heterogeneous environment. This will come with experience.
  
• Learn some of the rapid deployment frameworks - cobbler, puppet, cfengine, etc... No one sits around configuring each and every production machine from scratch.
  
• Now that you are familiar with (presumably) the installation and configuration of apache, start thinking about setting up caching/proxy infrastructure. Get a sense for what to use for load balancing v.s. caching v.s. increasing availability (and some combination of the three). Become familiar with things such as nginx, mod_proxy, haproxy, squid, varnish, mongrel, etc...
  
• You MUST know how dns works. Crickets bind and dns should be considered required reading. Any lack of understanding of how dns works is simply unacceptable for a proper sysadmin.
  
• this book is required reading, period.
  
• You must become familiar with centralized authentication mechanisms. Most systems utilize something called PAM. Learn how to configure PAM to reference slapd, AD, etc... Kerberos is our current preferred central authentication mechanism, you need to know how to bounce kerberos tickets around. Get slapd (OpenLDAP) up on its legs.
  
• When running a linux kernel, learn how to configure netfilter. Under linux, Netfilter is the thing responsible for routing, nat, and packet filtering. Understand that other kernels do not use netfilter (or commonly use something else). Become familiar with the common kernels firewall, routing, and forwarding system(s). Don't make the mistake of saying "the iptables firewall..." in the interview room! Iptables is not a firewall.
  
• Know your basic networking. Internet core protocols should be added to your list of required reading. Understand the differences between a hub, bridge, switch, and router. Learn how to "subnet", which means knowing your binary math! I cannot tell you how many times I have seen a messed up network because someone didn't know how to figure out /27 and keyed in the wrong values from a "subnet calculator". Along with networking do a bunch of reading/research on vlans, trunking and stp. Most people cannot tell you what a L2/3 managed switch is or how it differs from a "dumb" switch or router. Don't be one of those people! Learn how to configure routing protocols such as BGP, RIP and OSPF (also, learn basic computational graph theory). You may not end up doing a whole lot of networking, but it's really good stuff to know.
  
• Virtualization is important. You need to know the different forms of virtualization (desktop v.s. os-level v.s. para v.s. hyper virtualization). If you are keen to linux, you need to know how xen and kvm work (this is typically what commercial vps's typically use). Also look at vmware and virtualbox for desktop virt. For os-level virtualization, you need to know how to use LxC and jails.
  
• Learn how LVM works! Spend some time familiarizing yourself with LVM2 (linux), vinum (BSD), and ZFS's container framework (Solaris/BSD). Know how and when to use raid. Make sure you understand the implications of the different raid configurations.
  
• Learn common backup methodology. Raid is not backup, don't make this mistake.
  
• Get used to doing everything on the command line, and always think "what if I had to do this on 20,000 servers?".
  
  So off the top of my head there's a bunch of things you could study. I think that's quite a bit to get your head around, and a deep understanding of some of these topics will only come from working experience. There may be a LOT of work to do in some of those areas. Getting a fully functional xen (or kvm) based system up and on it's legs is not an easy task for the uninitiated. It is my opinion (and everyone else is free to disagree with me) that all good sysadmins/ops/engineers need to "grow up" in some area of lower level technical position. That can be a jr. admin position, the helldesk, or whatever else... This will give you the "systems" working experience that will let you branch into a full fledged admin/op position. Getting some certs under your belt can help you get in the door, but by all means isn't required. Cert's cost money and (the ones worth getting) take time. Personally, I tend to stray away from places that make a big deal out of certs... but that's just me.
  
  tl;dr: Learn how to learn. Pick something you don't know how to do and leverage a linux system to accomplish that goal - rinse and repeat.
  

Specific questions will be more helpful, but some general good places to start for javascript:



A Javascript Primer for Meteor - https://www.discovermeteor.com/blog/javascript-for-meteor/

This is my favorite introductory document on Javascript as a language, even though it's geared toward building apps with the Meteor framework it applies mostly to the language itself and is a good read even if you don't plan to use Meteor.

Javascript: The Good Parts by Douglas Crockford - https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

Very good and to-the-point book by one of the best JS experts out there.

Then PHP-5-Objects-Patterns-Practice is for you. PHP is know as a "kids" and "insecure" language, because so many people do php the wrong way. I'm not saying there is a right way, but there sure is a wrong one.

After reading first two chapters, learn a little about http protocol. Since you are programming in C i assume you have some knowledge with network programming and sockets, if yes it will be really easy to understand basics. If you didn't program with sockets, do that (it's really fun, you can create you own server, listen on that port and create a web application with C ).
After you get familiar with http ( pay special attention to POST and GET ) you can start working on home projects, learning HTML in the process ( it's really easy so i won't post anything about it here ) and using knowledge you used in first book to design a good app. Also manual is amazing, if unsure about something go there.

This is a proper way to do PHP, so you actually know what you are doing. If you want to just build web apps and don't care about anything ( and continue to contribute to myth that php is "xy" language ) do just that.


Protip: Go the hard way.

Your new home will be the Chrome Developer Tools. If you prefer Firefox, the built-in tools are also pretty good, but consider installing Firebug too. With these tools, you can debug JavaScript and even interactively run JavaScript commands, but you can also inspect HTML and CSS to find problems. If you ever find yourself randomly changing lines of code and reloading the page to see what happens, you're doing it wrong.

If you don't already know JavaScript, I'd recommend JavaScript: The Good Parts to learn JavaScript as a pure language. It's actually a pretty decent language if you stick to the good parts. A lot of complaints about web development are rooted in earlier versions of JavaScript and earlier versions of browsers that had incompatible DOM APIs - the world is much better now.

HTML itself is pretty easy. It should take you hardly any time to learn HTML by itself.

For CSS, consider CSS3: The Missing Manual. Even if you're not a graphic designer and don't want to do fancy layout, you should at least dive into CSS enough to see how it can be used for things like animation and transitions (so you know what's possible with CSS and don't try to reinvent it with HTML and JavaScript).

The last step is putting it all together - using JavaScript to modify the HTML DOM in real-time using JavaScript, and using software running on your web server in Python, PHP, Ruby, or whatever language you prefer to generate the HTML dynamically. Once you're comfortable with the other pieces, you can dive into this last step - but here's where there's more than one way to do it. Some people prefer jQuery on the front end plus PHP on the back end, others prefer Node.js so they can use JavaScript throughout, then there's Angular plus Google App Engine, and so on.

I don't know if you're specifically interested in learning about the security and security flaws of web apps specifically, but I would definitely recommend The Web Application Hacker's Handbook as it's an amazingly thorough guide on vulnerabilities.

Typically you start testing sites by using a security toolkit underneath your browser, such as Burp Suite. I don't do much of this stuff myself so hopefully this'll get you started.

Also /r/howtohack might be helpful, along with this thread to find some good hacking practice (DONT hack sites you don't have permission for)

Good luck!

If I may - I humbly recommend to read a proper book on bitcoin, not some fluff piece.. Just assuming from the way that you chose your post title that you might be interested in a more substantial bitcoin reading :) Please ignore if that's not the case, don't wanna ruin your reading pleasure or anything.

Economic perspective: The Bitcoin Standard - The Decentralized Alternative to Central Banking

Not technical at all, very beginner friendly, but also not a lot of practical information: The Internet Of Money

Gently technical, beginner friendly: Inventing Bitcoin: The Technology Behind the First Truly Scarce and Decentralized Money Explained

Technical deep dives:

• Mastering Bitcoin (also available for free online, as it's an open source book)
  
  
• Programming Bitcoin
  
  
• Grokking Bitcoin

I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.

As far as resources go there are a lot out there, i'll link some good ones that I use:

https://github.com/wtsxDev/Penetration-Testing

https://github.com/jivoi/offsec_pdfs

Those two should keep you going for a while at least.

As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.

Here is a place where you can learn some Bash:
https://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html

There are two books i'd recommend for python, ill link them here:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900

the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.

If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.

If you want a place to practice things you are learning then go here: http://overthewire.org/wargames/
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.

That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions

good luck!

Aside from SANS FOR508 (the course on which the cert is based) the following helped me:

Windows Registry Forensics

Windows Forensic Analysis Toolkit 2nd ed

Windows Forensic Analysis Toolkit 4th ed

The 2nd edition covers XP, the 4th covers 7/8

Digital Forensics with Open Source Tools

File System Forensic Analysis

This is a new book, but I imagine it'll help as well:

The Art of Memory Forensics

I read many of these in preparation for taking mine, but your best resource are the SANS class/books which is what the cert tests after. Having a good index is key.

There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.

I've been using node for about a year now (was a PHP/mySQL dev for 6 years before that) and have come to realise that it's all about methodology. The language is just JS (I mean, you should get good at JS too) but it's how you use it that defines whether your node code will be good or not.

Some things I've found useful:

• JavaScript: The Good Parts If you're a JS developer, you just need to read this.
  
  
• Node Beginner Book Hands-on node is a little more rough around the edges but still worth a go. I bought the bundle for kindle and didn't regret it.
  
  My experience:
  
  
• Write everything in modules. Your index.js should be tiny. Ours just links URLs to modules.
  
  
• Try to make your modules reusable. We're (I'm) guilty of having my modules assume a http request, which means I'm ferrying the request and response objects around all over the place. It's not heinous, but it is bad.
  
  
• Put your modules in git
  
  
• Caching: Our stack is slightly unusual in that we've built a REST API in node which PHP then consumes to produce the HTML for the site, so end users never connect directly to node. (We have reasons for doing it this way). So we cache the API results based on URL in memcache. For a traditional web server model you'd probably use caching proxies in front of your node layer. I also cache database results based on the SQL string (I think we tested it to be faster than querycache. If not, why the hell aren't we just using querycache? Hmm...), so even if the API-level cache misses, some of the data will still be cached hopefully. Your caching strategy will depend heavily on the frequency of data changes in your application. A lot of our data never changes. We certainly don't have sub-minute changes, and typically our data changes exactly once in its lifetime.
  
  
• A good proportion of the stuff I write is utility modules (like pluribus) rather than business-logic specific to our website. I've written a HTTP router, a caching object (which abstracts the cache mechanism away so if we wanted to move away from memcache none of our code would have to change, we'd just plug in a new storage module to cachejs), a twitter module, and a connection-pooling module. Some of these problems were already solved in existing modules (and we use a lot of 3rd party modules too) but often you'll find that it's not quite right for your use-case, doesn't scale well, or the github isn't up to date with the latest node etc etc.
  
  
• Node is getting better all the time. We've thrown away a few things we'd written because the functionality is in core now. That's good.
  
  
• github is your friend. We end up forking a lot of modules and issuing pull requests to them. If they don't accept it's a shame because we then will have to keep our version up to date with their fixes. We prefer to fork, fix, pull req and then switch back to their version when accepted.
  
  
• architecture is the most important problem to solve. We use rackspace cloud hosting and they provide cloud load balancers which helps a lot. Beyond that, we make use of a consistent hashing module to spread memcache data and load evenly. But for any large application you'll quickly find that you can't just keep it all on one fat box, and you'll need to think the architecture out avoiding single points of failure.

I think you're going to suffer too much with broad strokes. All of the things you've mentioned have their own usecases really. You should focus on one of them and learn it before deciding whether you want to try another.

Although, you can also just do 'X vs Y' for all of those things you've mentioned and see articles on the differences between them as well as what they actually do.

Before you start any of the learning on any of those things though, you should definitely take one or two JS courses. Code School, Code Academy, Udemy all have great courses on Javascript. A couple of books I'd definitely recommend are Clean Code and Javascript, the Good Parts, I'd say these are ubiquitious and essential reading for any developer looking to get better.

Less and Sass are for doing stylesheets better. They basically introduce programming concepts like functions and variables into CSS.

Gulp and Grunt are task runners. Tests, minifying, linting and live previews can all be done with them.

Angular and React are basically front end frameworks built with flavours of JS. They introduce OO concepts into javascript and the MVVM/MVC way of working for the front end. The are markedly different from how they do things.

With the other things, there's basically a wealth of information for them.

Needless to say, you have a lot of reading and practicing to do. Luckily these days there's lots of examples and documentation for every one of the things you've mentioned.

Learning to hack, with little knowledge of it, will be a journey. You have some background in CS which will definitely help.

Learning to hack, from scratch, is where things become difficult. Where do you start? How do you learn? Luckily there's a vast amount of resources to learn from online.

To start learning is a matter of what you prefer.

Like watching videos/lectures?
https://www.udemy.com/penetration-testing/
https://www.udemy.com/learn-ethical-hacking-from-scratch/

Prefer reading books on the subject?
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

Most universities have Ethical Hacking / Cyber Security courses, can always check there.

I'd recommend learning Python, SSH, and the Linux Terminal in general to get started. But learning how those apply to hacking is a matter of learning and practice.

Hope this helped, and good luck!

Books that helped me to get the hang of JS

John Resig's Secrets of the JavaScript Ninja and Douglas Crockford's JavaScript: The Good Parts are pretty much the only ones worth reading in my opinion.

Projects

The best thing would be to build something you want to use yourself. Maybe you try cordova and build a small app with the browser platform so that you can create a simple App that you can bring to your Smartphone.

More advise

Read a lot of code: TODO MVC is a good place to start, people try to write good code for this one because they want you to use their framework :-). The problem with the source code of many projects is that the JS ecosystem is in a constant flux and ES6 modules are skyrocketing right now. You may want to check out the jQuery source code - you can pretty much watch the evolution by looking at older versions of the source code and how it evolved.

If you feel really adventurous the NodeJS source code is a fun read - although it's a very big project that also got some C/C++ code sprinkled in - but that shouldn't be a problem for you :-).

I would advise you not to bother reading the Angular1 code for the time being, Angular2 maybe interesting but its written in Microsoft's TypeScript - which is a nice language on top of JS that is worth learning about.

Your most important starting step is to make sure that you have the foundational knowledge, at least at a conceptual level. I'm a big fan of books, so I would recommend a few to you.

Pick ONE of these. Exam is not necessary, but recommended:
Mike Meyers CompTIA Network+ All-in-One Exam Guide
Todd Lammle's CCENT Study Guide - ICND1

Pick ONE of these. Pay attention to business terminology as well. Again, exam is not necessary, but recommended:
Mike Meyers CompTIA Security+ Certification - SY0-501
CompTIA Security+ All-in-One Exam Guide
Darril Gibson SSCP All-in-One Exam Guide

100% read this. It's the Bible of Python scripting. Second edition is brand spanking new too:
Automate the Boring Stuff with Python

This is a good all-around Penetration Testing book that teaches Linux too. You don't *have* to use Kali, Ubuntu is probably less intimidating to those new to Linux, but you will have to install your own software/packages. This is the only book on this list I haven't read, but I often see it recommended:
Penetration Testing: A Hands-on Introduction to Hacking

While you read these books, you should install some kind of Linux distro on a home computer and use it for practice. I would also recommend doing HackTheBox(first challenge is to hack the login page) and starting with the easy boxes. Do as much as you can on your own first, but if you get stuck, watch IppSec's YouTube walk-through for the box you are on. Might be a bit overwhelming until you get through most of the books on that list though.

You should also start looking towards either the eJPT/eCPPT, the OSCP, or GPEN at this point, as those are the best value certifications in this field and will hold a lot of weight at an interview. There's some stigma with certifications in IT/CS, but the ones I listed are all baseline knowledge and/or high value for those in this field. At the very least the knowledge will go far. But definitely avoid anything from EC-Council like the plague.

Mastering Bitcoin by Andreas M. Antonopoulos.

It isn't meant for the average Bitcoin enthusiast, but is more aimed at the technically minded/coders/cryptographically minded user. Many security researchers may well (IMO) have to deal with blockchain related security in the future, so having a decent knowledge of how Bitcoin (the tech) and bitcoin (the currency) works can only be advantageous as this field develops. Even if you don't think that your current role in security won't have to deal with this field, I would still advise you read the book as it is a fascinating read. There is also another version called The Internet of Money that is aimed at those who may not be so technically minded, but still have a genuine interest.

And if you look at the comments attached to that same thread youd see :

> "Good coding practice" should never be sufficient reason in itself. It amounts to "some guys on the internet said this is how my code should look".

And if you bothered to actually read Crockfords notes on this matter :

> All variables should be declared before used. JavaScript does not require this, but doing so makes the program easier to read and makes it easier to detect undeclared variables that may become implied globals. Implied global variables should never be used. Use of global variables should be minimized.

> The var statement should be the first statement in the function body.

> It is preferred that each variable be given its own line and comment. They should be listed in alphabetical order if possible.

Source : http://javascript.crockford.com/code.html#variable%20declarations

Youll see that he never says 'always using var is good coding practice'. He says to declare them before use (and I suggest giving them a value too), but nothing about requiring var or var being part of good practices. And why is this? Because traversing up the scope chain (or not) is a feature of the language, and not a bad one if you bother to watch his video or read his book.

Crockfords video (should be required watching for all javascript devs) His video : https://www.youtube.com/watch?v=hQVTIJBZook

And his book, Javascript the good parts

If you're just getting into CS and programming at all, and you're interested in Javascript, I'd recommend learning Javascript itself first, before you decide to start using libraries and frameworks that may do a lot of special stuff and magic that will abstract away parts of the language from you. There are plenty of resources like Mozilla's tutorial and the relatively short Javascript: The Good Parts that you can learn from. Do CS-related exercises with what you learn. You can go to sites like Coursera/edX and do intro CS material and do the assignments/problems in the curricula, or do things like Project Euler or things from /r/dailyprogrammer.

After that I'd start looking at more of the stuff out there, like Node.js or React or Ember or whatever. I'm rather partial to React.js and RActive myself for front-end rendering, but I'd encourage you to read and experiment with many of the things out there, since each thing brings something different to the table.


---

Now for your question specifically...

I'm not much of a front-end person or Javascript developer, so I'm probably not the best person to ask. I last used jquery about 5 years ago, and at one point I also worked in the same company with some of the people who wrote You Might Not Need jquery. These days, I'd say to skip jquery for various reasons:

• Modern browsers are just much better and if you don't have to support old browsers (I'm talking IE8 or older), jquery is probably unnecessary.
  
• There are replacements for certain parts of jquery functionality, depending on what that functionality is
  
• ES5/ES6 (through babeljs) can replace some of the functionality that jquery handled
  
• React.js and more full-fledged frameworks exist - React.js and frameworks like Ember.js or AngularJS, which have components that manipulate the DOM, have become very popular and are basically jquery replacements.
  
  

Depends on what you want to learn.

Web Application Security?

Exploit Development?

"Pentesting" techniques?

Also check here for tons other of resources.

As for certs, if you are a beginner beginner, then probably stuff like Security+ and Network+. Unlike the guy behind me, I will never get, nor do I really recommend CISSP, unless you are going for strictly blue team (defense) work. I personally enjoy red team (pentesting, etc), so something like OSCP would be more useful.

Like I said in a post above, feel free to PM me with questions. I'm always happy to help others on their quest to learn more about the wide world of infosec :)

Note: I haven't actually read either of these, but they do have good reviews on Amazon. :-)

• JavaScript: The Good Parts - You can probably find a copy online :-)
  
• JavaScript: The Definitive Guide
  
  Here's a fun video from the author of JavaScript: The Good Parts: https://www.youtube.com/watch?v=hQVTIJBZook&t=2m24s

As others have mentioned, writing code is the best way to get exposure. But if you're a book guy like me then there are a lot of option out there that'll accelerate the process. You'd be insane to read all the following--these are just starting points that can accommodate different interests/tastes.

Having said that, I'll start with the one book that I think every C# developer should own:

Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries

... it's a good read, and it includes a lot of direct input from the designers of the C# and the .NET Framework. Microsoft has been really good about sticking to those guidelines, so you'll immediately get a leg up on the Framework libraries if you work through this book. (Also, you'll win a lot of arguments with your coworkers about how APIs should be designed.)

General knowledge books (tons to pick from, but here are some winners):

• Cookbook-style factoids: C# 6.0 Cookbook, 4th Edition
  
• But since you're coming from a lower level language, you might appreciate more details: C# in Depth by Jon Skeet (the Chuck Norris of C#)
  
• Scott Meyers-style content with good discussions of idiomatic C#: Effective C#: 50 Specific Ways to Improve Your C#
  
• CLR via C# goes deep into the guts of the language.
  
  Deep dives into specific features that'll serve you well:
  
  
• Concurrency in C# Cookbook is a good starting point to get productive with the TPL quickly, but I actually learned a lot more from the more prosaic Pro Asynchronous Programming with .NET.
  
• C# generics aren't as powerful as C++ templates, but Metaprogramming in .NET may provide some decent (though clumsy) workarounds.
  
  Note: I've never found a good LINQ book that supported how I actually use the feature. Coming from C++, you can probably just start off by thinking of the extension methods on Enumerable as a C# version of std <algorithm>... a good way to avoid writing raw loops. But if you're a performance-obsessed game dev then you'll probably want to use LINQ sparingly--it does have some overhead.
  

For me the best why to learn is by doing.I started with a little app idea I wanted to build and jumped into sites like codecademy.com to learn JavaScript and html sintax.

I mixed the courses with step to step progress for my idea.

Once you have your first app and learn the sintax you can switch to topics like ObjectOrientedProgramming. Buy a pair of books and start another more complicated project. Try this book https://www.amazon.es/gp/aw/d/144934013X/ref=mp_s_a_1_1?__mk_es_ES=ÅMÅZÕÑ&qid=1527450273&sr=8-1&pi=AC_SX236_SY340_FMwebp_QL65&keywords=head+first+javascript&dpPl=1&dpID=51qQTSKL2nL&ref=plSrch

Once you complete two projects you will be prepare to learn cross skills like version control(git), building process (webpack), console commands and IDE (webstorm).

That was my path before my first fulltime job. Working with other developers, work following two-eyes techniques and read tons of code from others will be a huge step un the process.

In only two years I became a senior software developer in one of the cooler companies I met.

Hope you have the same luck as I did.
Any help you need just tell me!

To be honest you should learn JavaScript first before going on to jQuery.

O'Reilly books are very good programming books and highly reccomended. However if you know how to code a little in any language and you just need to know the basics then I reccomend "JavaScript: The Good Parts". I have this book and it's extremely useful.

If you want a nice introduction to jQuery I'd suggest the screencast on screencasts.org

Good luck on learning javascript :)

Just do your degree and start exploring ethical hacking, get involved with community.

Personally, I think great ethical hacker needs great understanding of networking, assembly, and OS, all of which you can learn in UofT.
These 3 topics are critical, you actually need to understand how to find vulnerabilities to be great in cybersec.

Also, start attending https://www.defcon.org

This book has been recommended to me as a high level introduction: https://www.amazon.ca/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=pd_lpo_sbs_14_img_1?_encoding=UTF8&psc=1&refRID=195742DY502NMJ1N4JBT

Also, install cali linux and get some introductory level book on it.

Source: worked for a cyber sec in one of the Big4, worked with ethical hackers, and helped them with security scanning.

First of all, don't worry too much about a single interview. A lot of interviewers don't really know what they're doing / why they are actually asking the questions they are asking. Usually, they're programmers--not experts at hiring people.

Having said that, you definitely want to be familiar with common "gotchas" and major issues in the languages/frameworks you will be using.

For JS, I recommend two books in particular: JavaScript: The Good Parts and JavaScript Patterns. I found these helpful because they cover all the major issues with the language and they are quite concise. These don't cover any frameworks like jQuery or Angular though--that's another matter altogether.

Also take a look here: https://github.com/h5bp/Front-end-Developer-Interview-Questions
There's a good chance the interviewers will straight up copy questions from this list and you researching the answers will be a great learning experience.

Hey Jaedekdee,

Yup, still checking these out. I'd recommend you read only the 2nd book (as it's more up-to-date) and if you are a web developer, an old but great book is "The Web Application Hacker's Handbook" http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470.

There are a ton of great resources out there, but it's all about which security niche area you want to go into. For example, malware reversing, forensics, pentesting, metasploit, mobile, low level (like shellcoders handbook), and etc. If you are looking for more general books on hacking, the Hacking Exposed series also has a good grasp on the basics. Let me know if that helps!

When I was starting to learn JS which was not that long ago at all and I am still learning I started with this video series:
https://www.youtube.com/playlist?list=PLz5rnvLVJX5VdVNddvRTj68X6miAWQ5pz

.then this one
https://www.youtube.com/playlist?list=PLz1XPAFf8IxbIU78QL158l_KlN9CvH5fg&disable_polymer=true

.then this one
https://www.youtube.com/playlist?list=PL4cUxeGkcC9jAhrjtZ9U93UMIhnCc44MH

.then I read:
https://www.amazon.com/gp/product/0596517742/ref=oh_aui_detailpage_o07_s00?ie=UTF8&psc=1

.then I read: https://www.amazon.com/gp/product/1430264489/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1
and
https://www.amazon.com/gp/product/1118871650/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1

.then I read:
https://www.amazon.com/gp/product/1491904240/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1
and
https://www.amazon.com/gp/product/1491904240/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1

.then
When I felt like I had a good enough grasp on vanillajs I started a giant project in Angularjs. Where I advanced my skills with git big time. Other resources I used are:
Atom: https://www.youtube.com/playlist?list=PLYzJdSdNWNqwNWlxz7bvu-lOYR0CFWQ4I

Rest api with MEN (lol): https://www.youtube.com/playlist?list=PL4cUxeGkcC9jBcybHMTIia56aV21o2cZ8

Docs are great for js: https://developer.mozilla.org/en-US/docs/Web/JavaScript

These were good for angularjs just incase you were interested:
https://www.youtube.com/watch?v=FlUCU13dJyo&list=PL4cUxeGkcC9gsJS5QgFT2IvWIX78dV3_v

Honestly I cant link one of this guys videos because they all help sooooo much:
https://www.youtube.com/user/shiffman

stormehh has some good points.

I agree, and would argue that you are better off learning the fundamentals at this stage in your life. I understand your urge to get out there and explore different tools and techniques as fast as possible (trust me, I've been there myself), but take my word for it when I say that you will get more out of it when you understand the underlying concepts/technologies/protocols.

This might sound old fashioned, but read these books. It's a lot of material, but well worth the effort. You can get all three of them used for about $75:

"Computer Security: Art and Science" - Matt Bishop

"The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" - Charles M. Kozierok

"Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)" - Edward Skoudis & Tom Liston

Good luck to you, and follow the light side of the force.

Things have changed a lot! A good summary would be:

Front-End Frameworks: Robust libraries that make developing good-looking UIs easier and make your code more scalable. (ex: Vue, React)

No More Frames: Only the <iframe> tag remains. The use of frames is discouraged, and CSS flexbox (a responsive style that makes your site work for desktop and mobile if used correctly) is used.

Fancy New Paradigms: It is no longer encouraged to program javascript in traditional OOP styles with classes + inheritance. Instead, a paradigm called Functional Programming is encouraged. Functional Programming drifts away from classes and inheritance, and towards functions, and specifically, higher order functions. In addition, creating mutable variables in excess has fallen out of favor.

So, while a lot has changed, if you know Java 8, are familiar with Lambda Expressions + Closure, and ready to devote some time to JavaScript and the frontend, you'll be making near-professional to professional looking websites in around 6 months (at least, that is my experience). And even if you aren't, JavaScript isn't hard to learn. I would recommend the following books + websites:

MDN - Good JavaScript Resource + Tons of documentation. https://developer.mozilla.org/en-US/

Javascript: The Good Parts - https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742 (Bit outdated)

How Javascript Works - https://howjavascriptworks.com/ (Recent)

Javascript: The Definitive Guide - https://www.amazon.com/JavaScript-Definitive-Guide-Activate-Guides/dp/0596805527 (Bit outdated)

Are you more interested in making a game, or the tech behind games?

Game Programming Patterns is a great reference when you have problems to solve or a system to design. It's a relatively light and easy read and definitely very helpful.

Game Engine Architecture gives a broad view of technologies behind a game but it doesn't actually go into the nuts and bolts on how to develop one. I recommend it as a way to see how things work, and a gateway to learning about the different technical specializations in a game engine. The reference list is very useful for further study.

Neither of them are of much help when it comes to using Unreal or Unity though. I've actually found that "learn to make game with engine X" books serve as a guided walkthrough of engine features and workflows and give you a solid base on which to continue exploring the engine. I've also found that working through a book has a much lower mental barrier than searching for tutorials on the Internet, since all the info is available on hand and (hopefully) presented in an easy-to-follow manner.

Start with the extensive tutorials Unreal and Unity offer on their official websites. If you find those hard to follow, or when you're done and think you need more guidance, just hit Amazon and look for books like this which are relatively well-reviewed.

Although Lua does allow you to implement an OOP system yourself, that just leads to The Lisp Curse. Humans being humans, everyone will build their OOP system differently, so an expert in one augmented Lua dialect moving to another project with its own dialect loses their expertise.

A language with a mediocre OO system which is fixed in stone by the language definition is better than one flexible enough to let you define any OO system you like, from a training and community expertise standpoint.

You see echoes of this in Perl and JavaScript, too.

Like Lua, Perl also had an OO sidecar bolted onto it after it became popular. Because there is no one single way to do things, you get classic Perl OO users vs. the Moose people vs. those that go totally their own way, doing weird shit like blessing arrays.

In JavaScript, it's both better and worse than Lua or Perl. JavaScript can at least claim, with a straight face, that it is OO to the core. The problem is, that core has two different ways of manifesting: pure prototypal extensions of Object and such vs. the C++ inspired paintjob on top, all that business with new and constructors. The Scheme/Lisp-inspired flexibility of JavaScript lets you bring The Lisp Curse down on yourself again, because there's nothing telling you how you must implement your constructors or factory methods. In Douglas Crockford's lovely book on how to program in JavaScript with style and panache, there are three or four different ways to build up objects. Add to that the one your JS framework of choice probably gives you. Then of course you know best, so you ignore that and define a sixth style for your project. It becomes a tarpit.

I'm no hater of any of these languages. I happily use them all. It's important to realize, however, that there's something to be said for languages that nail things like OO down in the language definition.

best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......



a few books i'm reading/have read/on my list to read and all are excellent starting points:

BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)

Metasploit: The Penetration Tester's Guide

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition



plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection

I found that this book was great for improving my knowledge of JavaScript to really jump to the next level in my JS expertise:
https://www.amazon.co.uk/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

I found that after a few years my JS knowledge was still quite limited and it took me reading this book to really understand how little I knew.

It's very easy to fall into the jQuery trap as you have highlighted as well. I use jQuery in my workplace as I have no choice, but I find using things like OOP as well can really help when you start building larger scale applications.

My main advice would be to improve your knowledge on core JS and CSS and avoid being sucked into libraries / frameworks / toolsets, they will come and go whereas JS / CSS will always be around. Many developers burn through time just learning things like bower, webpack, sass, jasmine, react, react-flux etc etc. I tend to stay away from trends and learn only what's popular on the job market. I always find that if you understand JS / CSS, you often can pickup any other framework built on top of it. I also burned a lot of time learning Angular 1.x which I never ended up using (except for side projects), with Angular 2.0 coming out it made me realise I need to be very careful when investing time into something which might not exist a year from now, or at least not have a demand on the job market for.

Javascript: the good parts -- Amazon

Eloquent Javascript -- free ebook

Javascript Allonge -- free ebook

Eloquent Javascript is a great introduction to JS. The Good Parts teaches about what parts of JS to use and good coding practices (though some JS devs disagree with Crockford, every place I've worked that started implementing all his recommendations immediately saw reductions in code issues). Javascript Allonge is the greatest intro to functional JS that I've seen. These three will take you from beginner JS dev to intermediate JS dev. Practice will take you to advanced JS dev and reading lots of nuts and bolts blog posts will take you to JS expert.

1. Depending on the app you're building, certain libraries and frameworks will help you keep your code cleaner and your business logic more apparent.
   
   
2. Useful and good are not the same. PHP is not good, but useful. jQuery is good and useful, and is a dependency of many libraries and frameworks. A foundational knowledge of jQuery is a must for web developers, IMO.
   
   
3. You're talking a lot about what you're reading, but what are you writing? I'd say keep the books you have, learn git, start making projects that interest you, and put them on github. That said, this: http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742 is a good book once you have an understanding of JS basics.
   
   
4. Talk to developers. There's a lot of BS out there on blogs and social media from self-promoters and content aggregators. Go to meetups in your area and learn from the people doing what you want to do.

If you're looking for best practices, check out "The Right Way" series of sites:

http://htmlcsstherightway.org/

http://jstherightway.com/

http://www.phptherightway.com/

For a JS best practices book, check out Javascript: The Good Parts

For interactive online tutorials, Code Acadamy is pretty cool and there are others like it.

And here's an advanced guide to HTML & CSS to learn more in-depth best practices.

Tip: stay away from W3Schools! There's a lot of bad info on the site.

edit(s): I didn't grammar correctly.

Learn to write simple C programs. Then debug your own C programs, preferably in OS X or Linux using gcc/gdb. Then disassemble your own C code (learn how to disable optimization in the compiler; try it with no optimizaiton and then with increasing levels). Then look at C++ and (gasp) Visual BASIC and such. Turns out a ton of malware is written in these languages, and the snarl of garbage that you'll uncover that is just part of the auto-generated message handling stuff for VB will astound you, so don't start there...but it's important to understand those structures when you see them.

Then follow tutorials about reversing other programs. There are great books on this.

It helps a lot to know assembly language, but you'll tend to pick it up as you go.

You'll want better tools than just command-line disassemblers. I prefer IDA Pro.

There's a great book that uses IDA Pro with many examples to address precisely your questions.

Here's another great book on malware analysis that covers all kinds of tricks you might bump into when working on real targets.

I see all this as a long-term iterative exercise. It's fascinating.

I highly suggest this book: https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

While it's been out a bit, as far as I know, it still stands as the definitive source for NTFS file systems.

I went to X-Ways training last year in New York. Take good notes. I mean really good notes. X-Ways is very different than Encase or FTK. You need to understand how file systems work. It is NOT a push button tool. However, you will get way more information for your cases by using X-Ways; it's a great tool.

Are you doing regular forensic case work? If not, consider purchasing Brett Shaver's course: http://courses.dfironlinetraining.com/x-ways-forensics-practitioners-guide-online-and-on-demand-course and book: https://www.amazon.com/X-Ways-Forensics-Practitioners-Guide-Shavers/dp/0124116051/ref=sr_1_1?s=books&ie=UTF8&qid=1492443886&sr=1-1&keywords=xways+forensics+practitioner. They will be invaluable resources while you learn.

Good luck and have fun!

While Munger and Buffet are fantastic wealth generators based on value investing, they're definitely not software engineers. If you want to make a somewhat informed decision on Bitcoin and what cryptocurrecies represent, you should strive to educate yourself and not listen to what these two say about something they don't understand.

Andreas Antonopolos is a great educator: https://www.youtube.com/user/aantonop

The book published about his talks is also a fantastic resource:
https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/1537000454

I am self taught and I have to say that the best way to learn is to have a very clear idea of a simple project that you can realistically complete. I learned javascript with "JavaScript: the good parts", and I built a page with a deck of cards that shuffled when you press a button. I still have it on github https://github.com/SpencerCooley/poker_project.

Both books you mentioned are probably good, but the real learning happens when you are trying to accomplish a specific goal and get stuck on something.

"Javascript the Good Parts" is definitely good, very light and to the point.
http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

While Metasploit is a good tool, I would advise you to stray away from it until you learn. (I’m ignoring the fact that you rarely use Metasploit for web penetration testing in the real world anyways...)


You can carry out most of web penetration testing with just few tools like BurpSuite (this is the main one), a directory bruteforcer (gobuster, dirbuster, dirb, wfuzz..) and Nmap. These 3 tools should give you initial idea about the web application and its structure. Then it boils down to your enumeration and ability to spot weird or possibly vulnerable behavior. What is considered as “weird” or “vulnerable” behavior? According to OWASP, countless things. They made a whole web penetration testing guide for that reason - you can find it here: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents.


Alternatively, this book (https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470) covers web based exploitation in great depths and I highly recommend you obtain it. It was one of my first books ever and is definitely among my favorites.


Another useful resources:
https://portswigger.net/web-security

https://www.hackerone.com/hacker101


EDIT:
Yes, there are other very specific tools which come in handy such as wpscan or sqlmap. While I don’t mind wpscan that much, I strongly believe one should be able to do a manual sql injection before using sqlmap (therefore avoid sqlmap when learning). This way you understand what is happening behind the green terminal ;).

PS: Sorry for formatting, typed this up on a phone. I’m also pretty tired so please excuse my janky grammar!

Absolutely love being a pentester and the cyber security industry. If you are willing to put in the time and study it can be very rewarding. CEH is a good step in the right direction and should open doors for you.
For entry level positions, pentesting is usually split into two areas, web application and internal/external infrastructure. It's good to have knowledge of both but it's worth choosing which area interests you the most. Personally, I specialise in web applications & API and there is a lot of online resources to help you. (As you have mentioned owasp top 10, I'll assume web apps is your interest)


The best way to learn a vulnerability and get a good understanding is to create vulnerable web pages (this also gives you something to take into an interview). I would suggest doing some basic LAMP stack (Linux, Apache, Mysql, PHP) - Don't let this put you off as it's actually pretty simple. If you can make a few vulnerable pages to display vulnerabilities, you will fly through entry level interviews.


it's really simple to do.. Here is a form that is vulnerable to cross-site scripting. (a few lines of php with some html)
---

<form method="POST" action="">

<p> <input type="text" name="xss"/></p>

<input type="submit">

<?php
$value = $_POST['xss'];
echo $value;
?>

Reading Material:

https://www.amazon.co.uk/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

https://www.amazon.co.uk/Network-Security-Assessment-Know-Your/dp/149191095X


Practical learning
DVWA (Damn Vulnerable Web App) - Purposely vulnerable web pages to practice exploiting.
http://www.dvwa.co.uk/


Once you have a bit of experience have a look at hackthebox

https://www.hackthebox.eu/

I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.

Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.

My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.

If you have any questions, PM me.

1. CS would be the obvious choice, but you have to look at the courses required/electives offered for each major. You're going to want to have courses in assembly programming, networking, security, and web development at a minimum.
   
   2-5) What Lamat said.
   
   A good book to study from is The Web Application Hackers Handbook.
   
   Also, prepare for and take the US Cyber Challenge. You don't have to ace it, but if you do decently well (60-70%) you will likely receive an offer to attend a Cyber Camp this summer... this is a week-long series of seminars about all sorts of security topics, with a job fair at the end. It is probably the very best chance you have of getting into an entry-level technical (ie: malware analysis, memory forensics) type security job/internship.
   
   
   Typically, the challenge will require you to use WireShark to analyze a file of captured network packets. You will analyze the packets to determine whether an attack occurred (from & to IPs, time, what attack method was used.... this is where the handbook I mentioned above will prepare you).
   
   After you've done your analysis (and taken LOTS of notes), you take the test.... it's 24 multiple choice questions such as: What is the IP of the hacker who stole John Smith's bank password? What attack was used from 192.168.21.5 on Mar 10? etc.
   
   When I did the analysis a couple years ago, I had a pad of paper and just went through the whole file writing down the packet number, timestamp, relevant IPs, relevant data (usernames), and what I thought was occurring. So when I took the test, when it asked those questions, I could check my notes to find the corresponding event.
   
   
   
   I think I got around a 70% in 20 minutes. Which didn't even put me on the top 100 scoreboard (those spots will be taken by people with 100% in 20 seconds scores). But I still was offered a spot at the cyber camp.

In addition to the others mentioned, these are also well worth your time:

Eloquent JavaScript

JavaScrip: The Good Parts (This one is essential)

As far as functional programming goes, google "functional programming in javascript." There are several articles on the subject and you'll learn some very useful and interesting techniques. Using a functional style in JavaScript can be extremely rewarding and not to mention a lot of fun!

My understanding is that placing the caps on the other side of the board isn't optimal, but will work, so long as you remember to keep the connections low inductance.

As for the value, it's partly determined by the frequencies you'll see in the circuit.

When considering the frequencies of the board it's best to look at periodic high frequencies, like clocks. But remember, because the clocks are "square waves" not sine waves there are a lot of higher order frequencies contained in them. Take the Fourier transform of a trapezoidal wave to see what I mean. These higher order frequencies are the ones you need to worry about.

0.1uF is good for circuits that are lower frequency, above 100MHz or so a lot of engineers will use 10nF or smaller caps for decoupling.

Check out a book on EMC for more information. [This] (http://www.amazon.com/Electromagnetic-Compatibility-Engineering-Henry-Ott/dp/0470189304/ref=sr_1_1?ie=UTF8&qid=1333128646&sr=8-1) one contains a lot of good information of board design.

Edit: One thing I think forgot to mention is that you should generally route power and ground first. If you're using planes on inner layers this is really easy, if not try to make a grid of power traces on one side and ground on the other. This is because each parallel connection you have that is far enough apart to minimize the mutual inductance will reduce the overall inductance. At it's limit this becomes a plane.

Once you have your power and ground routed then do the clocks, then the digital signals.

This does not address the issues with analog signals on the board, as they should be segregated from all digital circuitry and power supplies.

I don't know how in depth you want to learn, how in depth determines our recommendations.

1. Do you want to just find out if a site is vulnerable?
   
2. Do you want to learn how attacks work and how the defenses to those attacks work?
   
3. Do you want to get certified in security and make that a huge part of your resume?
   
   You sound like you want the second option.
   
   The key phrase for you is going to be "web application security". That is what security experts (and anyone in this industry) call it.
   
   For web application security there is kind of one master book that covers almost everything, The Web Application Hackers Handbook. I have the book siting right in front of me its about 900 pages and covers just about everything you could ever ask for. Also you'r going to want to get Burp Suite. You can install Kali linux in a VM and it has Burp Suite (recommended) or you can download the free edition for Windows from there website.
   
   Along with the book set up DVWA (there are hundreds of tutorials online on how to do that, hint use XAMPP.) or you can use the paid labs they mention in The Web Application Hackers Handbook. Also visit HackThisSite and other sites that offer web application security practice.
   
   So lets recap:
   
   
4. Buy The Web Application Hackers Handbook.
   
   
5. Setup DVWA.
   
   3.Visit sites that offer web application security challenges.
   
   
   
   By the end of that you should be pretty good at attacking web applications.

Man, look at this guy over here who thinks he knows something about metasploit! ;-)

Yeah, Metasploit Unleashed is a great place to start, and if you want more this book is basically Metasploit Unleashed 2: The Unleashening - Now With More Narrative.

If you still want more, you're probably better off with something like Pentesting With Kali that puts metasploit in its context and forces more hands on use or you should be prepared to follow the blogs for new features and read the source.. It's not that bad in there, really. ;-)

I feel like this is a classic book for javascript programming. Even though it is very opinionated (parseInt), but none the less it is a great reference for quirky behavior of JS. Seconde watch this: http://www.youtube.com/watch?v=kXEgk1Hdze0 <-- Just a great list of really silly behavior of JS!

http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1?s=books&ie=UTF8&qid=1370623429&sr=1-1&keywords=the+good+parts

------
One last thing, make sure you review how CommonJS works: http://dailyjs.com/2010/10/18/modules/

Not very specific to those technologies but:

>Web Application Hackers Handbook (2nd edition: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470) is pretty thorough with the vectors of attack, examples, and includes a methodology for pentesters.

>The Tangled Web - a "light" but delightful read from Zalewski on the history and modern security of web apps. He also wrote the http://code.google.com/p/browsersec/

Both are pretty recent and cover some good ground.

There's good advice here. Did you master JavaScript on the way to CoffeeScript? If not, pick up Crockford's Javascript: The Good Parts - actually, either way, read that book if you haven't already.

If you know JS well, you should do a couple of side-projects in Meteor. It's an interesting framework that embraces "Reactive Programming".

Here's a few other things:

• Node.JS
  
• MongoDB
  
• Redis
  
• Memcache
  
• Ruby (if you like CoffeeScript, this shouldn't be a massive leap)
  
• jQuery/Backbone or Angular/SASS/Susy/Yeoman (if you want to do front-end stuff)
  
  Good luck!

Some great resources are The Web Application Hackers Handbook. It's a long read but very in-depth. Link

If you want to practice as you read look into Damn Vulnerable Web App (DVWA) [Link] (http://www.dvwa.co.uk/), Pentester Lab challenges [Link] (https://www.pentesterlab.com/), bWapp. Learn how to use tools like Burp, ZAP, sqlmap, and BEEF (among others).

I've also heard that Security Tube has a lot of great videos but I haven't checked it out personally yet.

As for fundamental knowledge, you'll need to understand how the web and web applications work. Things like HTTP/HTTPS, HTTP methods, forms, Javscript, sessions, cookies, databases. Also about application input, application frameworks, application firewalls. If you don't have any programming experience, you should start learning some fundamentals to understand application logic and structure. This can help you think of assumptions that developers made and how you might be able to bypass or work around those assumptions to do things that weren't intended or anticipated.

The dark side has lot of facets, it depends on what you want to achieve.

If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.

This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!

Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.

Happy hunting and good luck!

If you're picking up JavaScript as a first language, it might be a bit difficult. It's used so often for the web that you'll most likely be required to learn at least some HTML and CSS as well. But, if you're not discouraged by this there's a lot of resources out there.

The one stop shop that'll give you everything is MDN (https://developer.mozilla.org/en-US/docs/Web). Which has pretty much everything you'll need about JavaScript (https://developer.mozilla.org/en-US/docs/Web/JavaScript).

If you don't know anything about HTML or CSS you might want to at least go through the introductions before jumping over to JavaScript:
https://developer.mozilla.org/en-US/docs/Learn/HTML/Introduction_to_HTML
https://developer.mozilla.org/en-US/docs/Learn/CSS/Introduction_to_CSS

As for programs to use, to start, all you really need is a text editor (I recommend https://code.visualstudio.com/) and a browser. If you're using Chrome press F12 and that should bring up the developer console and type:

console.log("It is " + Date());

Congrats you just wrote JavaScript.

Once you feel more comfortable you'll definitely want to pick up JavaScript: The Good Parts (https://www.amazon.com/dp/0596517742).

1. this book covers pretty much everything you're after https://www.amazon.co.uk/Hobbyists-Guide-RTL-SDR-Software-Defined-ebook/dp/B00KCDF1QI
   free PDFs are also available online https://www.surviveuk.com/wp-content/uploads/2016/07/The-Hobbyists-Guide-To-RTL-SDR-Carl-Laufer.pdf
   
   
2. Long wire antenna like that will be ideal for signals in the HF range, below the normal 24MHz limit (either by using the direct sampling mode or, for better signal quality, purchasing an upconverter). The planar disk antenna covers about 150MHz-1.5GHz, although its exact limits are dependent on the diameter of the metal discs you find. You can read more about long wire antennas here http://www.northcountryradio.com/Articles/Long%20Wire%20Antenna.htm
   
   
3. check out /r/amateurradio they'll help you out

mmm...I like Rob Allen's dev notes (he also has a pretty good book called Zend Framework in action, which of course is very ZF oriented, but that's not a bad thing if you're looking to learn some good practices). Also, PHP 5 Objects, Patterns and Practices is a pretty cool read.

If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.

When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.

There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead everytime IsDebuggerPresent is called, it will take the execution path you want everytime.

Sorry if this is confusing, I'm not sure the best way to explain this. This is more advanced analysis techniques / reverse engineering, so if you don't know assembly then it might be over your head.

There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Leena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment).

No offense, but if you're that unfamiliar with basics like DNS records, please don't try to run your own mailserver.

I'm not picking on you, honest. It's not a task for the green or the faint of heart, and the best case scenario is you end up in blocklists from now until doomsday before too much damage gets done.

I really can't recommend the ORA animal books strongly enough (I just ordered 2 more while getting these links.) The Cricket has all you need to know about DNS, even if you're not using BIND and Safe, though a few years old, is still an excellent resource, just not, perhaps, an exhaustive one.

Edit: I'm here from the main page as well. Googling around I found this book "The Hobbyist's Guide to the RTL-SDR: Really Cheap Software Defined Radio" on Amazon:
https://www.amazon.com/gp/product/B00KCDF1QI/

You can read it for free with a 30-day free trial of Amazon books.

It goes through everything from setup to advanced usage so I'm gonna give it a shot. Hopes it helps other people get started!

I've recently been working on my JS skills and heres a few resources I've found super useful:

Books:

Javascript Patterns

Javascript: The Good Parts

Javascript: The Definitive Guide (While an exhausive resource on the topic, this one is a bit verbose)

Web:

Mozilla's Javascript Guide (One of the best free online javascript guides/references.

How to Node (Tutorials on server-side Node.js)

Daily JS (Interesting JS related news)

Echo JS (Similar to above but updates less frequently)

Hacker News (This is more general tech news but there is a ton of useful web stuff, especially as node.js is currently a hot topic. Reddit actually spawned from HN)

Online Videos (free)

Douglas Crockford's Javascript Lectures (I would recommend these to anyone getting into javascript)

I'm also a novice, but I would recommend Unity in Action. Simple, straightforward, and slowly builds towards bigger and better things. I've been using it for a couple of weeks and I can't believe the things I can do in Unity already. Edit: It does presume some knowledge of C# though. This book is a pretty good reference for the basics.

There are some good suggestions here, especially DonnyTheWalrus's reply.

However, regarding books I'd personally suggest the book "Head-First Javascript Programming"(make sure you get the latest the one that says "programming" in the title, as that is the more modern one.) or "A Smarter Way". In my opinion, these books are really good at taking a newbie into the intermediate level of Javascript by taking advantage of some of the best things we've learned about learning in general.

First of all, for any software development questions you may have, I suggest you post your questions on Stackoverflow because the people there will surely provide you with answers.

Now, for a list of books I recommend:

JavaScript

JavaScript: The Definitive Guide; if you're new to JS, start with this one.

JavaScript: The Good Parts; not a beginner's book, but a must-read if you are going to use JS

If you are going to be using JS, you will most probably be developing using a framework, and for that I seriously recommend mastering jQuery because as they say, you will write less and do more!

CSS

CSS Mastery: Advanced Web Standards Solutions

Web Usability

Don't Make Me Think: A Common Sense Approach to Web Usability; the book that shows the users' perspective when viewing a website

Performance

High Performance Web Sites: Essential Knowledge for Front-End Engineers and Even Faster Web Sites: Performance Best Practices for Web Developers;if you want to get serious about performance for your websites

> Failing that, are there any good cheatsheets/references for JS "gotchas" and unusual features that devs from other languages might not be familiar with?


There are entire books dedicated to this! (Also some entertaining talks.)


Here are some good JS books not aimed at total beginners:

• JavaScript: The Good Parts
  
• Professional JavaScript for Web Developers
  
• Effective JavaScript
  
  
  Bonus (to give you a sense of the kinds of "gotchas" you'll find in JS):
  
  
  // Even though you pass in numbers, JS sorts them lexicographically
  > [5, 1, 10].sort();
  [ 1, 10, 5 ]
  
  // You "fix" this by passing in a custom comparator
  > [5, 1, 10].sort(function(a, b) { return a - b; });
  [ 1, 5, 10 ]
  
  // This probably makes sense to someone, somewhere
  > Math.min();
  Infinity
  
  > Math.max();
  -Infinity
  
  // Some things are best left unknown
  > {} + {};
  NaN
  
  > var wat = {} + {}; wat;
  '[object Object][object Object]'
  
  Here are a bunch more in quiz form.

Definitely agree, it's hard to get these concepts to stick unless you've used them. I've struggled with JavaScript in the past but I'm currently reading Head First JavaScript from O'Reilly and I find it's suuuper helpful because it explains everything clearly with good examples and also has you code along with it to help you really grasp the concepts.

> But co-writing with a book takes up a lot more time than co-writing with video.

If by co-writing you mean writing the examples from the book/video and making them work, well I never do that. I always read technical programming books as fiction and never try the examples. Sometimes I just return to particular parts in the books for reference, but that's it. For the practical part I do my own things. I don't have time to retype the examples from the books, my life is too short. I got plenty of needs that imply writing software to solve my own personal practical problems. If I think about it long enough, I always come up with some really small project that's (at least theoretically) possible to be made by an almost complete language newbie.

I don't know how useful my personal experience would prove to you, but here you go. My JavaScript journey started when I was living in a cave with no internet access and a very old computer with such a small amount of RAM that it could only run Opera. I found three books about JS on some old CD and picked the basics from them. Having a bit of prior programming experience helped, but I wouldn't overestimate that influence.

Here are the books:

https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/

https://www.amazon.com/JavaScript-Enlightenment-Cody-Lindley-2013-01-10/dp/B01FEKKCSA/

https://www.amazon.com/JavaScript-Bible-Danny-Goodman/dp/0764531883/

I found the first one most interesting and useful, the last one was good to use as reference and replacement for the lacking access to online searches.

As you can see, all of them are quite old (and maybe outdated already, since the JS ecosystem moves ahead so fast).

I'm pretty sure there are tons of newer books nowadays.

Very recently I was suggested to have a look at http://javascript.info/ but I didn't manage to get some time to have a closer look at it, so I can't comment on the content there.

HTH

Do you have the image file itself?
If yes, open it in a tool like Active @ disk-editor.(http://www.disk-editor.org/) This tool highlights disk information in colours and gives verbose information for you to easily understand what parts on the disk/image you're looking at. Great way to start off and learn things about filesystems. Also I highly recommend the File System Forensics book by Brian Carrier. (https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172)

Learn pure JavaScript. It will not only help when learning new frameworks but will also help you to realise that frameworks are not always necessary and by understanding them better, will not rely on them as a crutch.

From my perspective, these two books helped me "level up" from jQuery to full-blown JS developer:
https://www.amazon.co.uk/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
https://www.amazon.co.uk/Learning-JavaScript-Design-Patterns-Osmani/dp/1449331815

I am also a member of Udemy, which has a great selection of courses to work through.

Once you understand JavaScript without frameworks, just pick up a framework and start playing with it. Do the tutorials or pick your own goal/application to build with it. I find I learn more than doing something rather than simply reading about it.

Closures are actually a somewhat important concept in Javascript. If you don't understand them then one day you'll probably get some weird this bug working with callbacks and you'll waste more time than you need to trying to figure out what's going on.

This is just my personal experience, but I felt that when I had a Javascript interview coming up I would always take some time to review this book:
https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1?ie=UTF8&qid=1501136583&sr=8-1&keywords=javascript+the+good+parts

It's worth it to read in my opinion, it covers pretty much everything you would probably be asked in a Javascript interview, and it's very short.

It helps me a lot with Javascript stuff. The other stuff, like the Java stuff, you could probably just google it. There's a standard set of OOP questions that interviews just like to ask all the time.
http://java-questions.com/oops-interview-questions.html

Regardless of if the code is contrived, it's still a possibility. I wasn't saying that I couldn't figure out if it was an if statement or an assignment. I was saying that I can more quickly parse one over the other if you end all of your statements with a semicolon.

I said I don't agree with much of his stuff but Crockford has written entire books on JavaScript so disagreeing with much of it still leaves a whole lot to be taken in to account. As I'm sure you've heard from others, I would highly suggest reading The Good Parts to see what he's all about. Perhaps saying "much" was a bit strong. Really I only disagree with his idea of placing all of your variables at the top of a given scope.

How can you say that code statements don't flow one after the other like sentences? The very notion of programming is that steps are executed "programatically" i.e. one after the other (we could argue about asynchronous code but the reality is that async code just adds a level of variability in the line of execution).

I find semicolon-free code less readable because, again, the moment I see a semicolon my brain automatically says "that's the end of the statement." For example: I might write some jQuery like this

$('#really-cool-thing').css('color', '#FFF')
.css('background-color', '#000')
.attr('value', 'Awesome');

Because I always end with a semicolon I automatically know that this is a chain and I don't even have to look at the beginning of the line to check if we're acting on a new object. Without semicolons, I have to scan back to the beginning of the line, check to make sure there's only a period, then continue to read. It adds more time and forces me to load just the tiniest bit more complexity into my head. Why should I "allocate" some of my mental memory to checking for where semicolons are going to be inserted when I can just insert them myself and never even think about it?

Most C based languages (i.e. most programming languages are semicolon terminated or, in the very least, semicolon separated. So if you program in any of these regularly then typing them in becomes second nature. I literally don't even notice when I type a semicolon anymore.

If you have a background in languages like Python then I can see the anti-semicolon sentiment because while Python allows semicolons, it isn't considered "pythonic." Likewise, I would make the argument that although semicolons can be left out in JavaScript, it isn't considered "JavaScriptic" to do so.

Do whatever suits you best but I don't understand the idea of having to keep track of more things, no matter how small, in your head rather than covering your ass. In the case of the bootstrap code that I linked you to, it can also cause issues in minification if you don't use a minifier that puts in your semicolons for you. Finally, it does make your application a little bit slower because the parser has to read in the line break, attempt to read in the next statement, determine if it can be considered part of the previous statement, and if not rewind back and shove a semicolon in. But if you place it in explicitly then the interpreter reads it, automatically understands the statement has ended, and goes about its business.

I can't personally recommend any of these, but just looking at Amazon yielded a few interesting prospects. You're probably beyond the basics in most of these books - but they all target slightly different things, so you'll end up gaining useful knowledge from any of them.

https://smile.amazon.com/Unity-Proficiency-Foundations-step-step/dp/1518699898/

https://smile.amazon.com/Unity-Learning-Developing-Greg-Lukosek-ebook/dp/B01LD8K5DE/

https://smile.amazon.com/Unity-Action-Multiplatform-Game-Development/dp/161729232X/


(search link: https://smile.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Dstripbooks&field-keywords=unity&rh=n%3A283155%2Ck%3Aunity)

Brian Carriers book on File System Forensics is a must, http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

Next, any of Harlan Carvey's Books. These cover the basic (as well as advanced) Windows Artifacts such as the Registry, Event Logs and Timeline creations. He also has lots of open source tools that he demonstrates in the books:

http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=sr_1_5?s=books&ie=UTF8&qid=1414266778&sr=1-5&keywords=harlan+Carvey

Check out the free SANS Webcasts in their archives. Lots of good videos on forensic and security related topics. They also have a free forensic tool called "SIFT" which is a VM loaded with free/open source forensic tools (LINUX based)

https://www.sans.org/webcasts/archive

Oh yes they are. The last one I had (the one that passed in April) was by far the best cat I've had.

I looked at all the engines available, and I decided I would use Unity. I used to do Java, but never did any C#, but when I started I'd read some C# scripts and they were basically the same as in Java, so I figured I could learn it.

I read one for Unity, and one for C#.

Here are the links to the books I've read (they're from amazon.ca because I'm a frog/canuck):

https://www.amazon.ca/dp/161729232X
https://www.amazon.ca/dp/0985580127

I've also changed jobs in October, a job in which I'll do programming. So I've read other books in the past few months pertaining to development in general, not just games. (Long story short: I've studied actuarial sciences, always have had a keen interest in IT, and I got hired at a consulting firm where they hire actuaries to do some of their IT development).

I tried to learn Gimp and Blender, but I can't seem to transform into an artist overnight lol :P

For PHP I would definately recommend PHP 5 Objects, Patterns and Practice. Pro PHP Refactoring is also pretty good. And the latest book on PHP Security is good too.

For javascript I would start with the Good Parts, go to Javascript Enlightenment and read what is available in EAP for Secrets of the Javascript Ninjas because although the book may never actually be finished what is there is worth 30 average javascript books.

Glances is a very nice example of a good python code base and project structure. An excellent demonstration of the a "proper" way to package a standalone python application. https://github.com/nicolargo/glances

It does, as the name suggest, only provide a "glance" into how the system is doing. For a deeper dive in monitoring check out Brendan Gregg's posts and guides,
http://www.brendangregg.com/index.html .

He also has a book which I consider one of the most up to date and best on the topic of monitoring: https://www.amazon.com/Systems-Performance-Enterprise-Brendan-Gregg/dp/0133390098

JavaScript books I'd recommend:

JS Good Parts. Short read but interesting and important concepts covered.
http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

Professional JavaScript for Web Developers. Covers every detail of JavaScript in web development. Huge book with about 900 pages of information. This covers all the technical details from syntax to core concepts.
http://www.amazon.com/Professional-JavaScript-Developers-Nicholas-Zakas/dp/1118026691

I haven't read the one you linked, but have seen it around. It's probably good.

Luckily, JavaScript is a pretty easy language to pick up. Personally, I'm partial to O'Reilly's "JavaScript: The Good Parts." It's a very good summary of the language :).

https://www.rtl-sdr.com/ is a great place to start. They also have a book that will cover much of the basics from the different radio's you can get, antennas, filters and a walk through of large amount of projects. If you want to go a bit deeper you should check out the book Field Expedient SDR: Introduction to Software Defined Radio. There are three books to that series.

As for your first SDR Nooelec NESDR Smartee bundle is a great start. Once you have an idea of what other projects you want to work on you can upgrade to something like LimeSDR (or mini) or a hackrf. I would recommend the LimeSDR Mini.

What do you want to do? "Security" is a nonsense term that doesn't mean anything to employers.

I'd pass on certs, as most of them are worthless and don't teach you anything relevant in the security field. OSCP is good and the SANS FOR 610 is good, but LOL at paying $6,000 for a certification.

Build a lab. For Malware Analysis learn REMnux, IDA Pro, Ollydbg, and look at C++ and C.

For Penetration Testing learn TCP/IP, play with Backbox and Kali when you have a soild understanding of TCP/IP and networking in general. Learn Python, Bash, and PowerShell.

Practical Malware Analysis

Practical Forensic Imaging

Those books are solid for learning IR and Malware Analysis.

Check out /r/netsecstudents

For fucks sake, stay off this sub-reddit for anything Security related. Just lmao at the responses in here. Too many people have read that shit book Phoenix Project and think Security is just policy and process.

Excellent work. Thanks for contributing to the open-source community.

As for your question about four layers vs. two: oof. That is a surprisingly complex question. Generally, I follow the rules of Henry Ott in his very useful textbook, Electromagnetic Compatibility Engineering. I can't personally say if going from four layers to two layers is going to work. My gut feeling is that it will. I just wanted to be sure when I was doing my design.

You should be careful about ragging on JS - while it's sometimes fun, the loudest JS-haters are universally just ignorant or unskilled devs. Which, of course, are very common in webdev...

I'd recommend Crockford's Javascript: The Good Parts if you'd be interested in a more positive perspective.

https://www.amazon.com/Framework-Design-Guidelines-Conventions-Libraries/dp/0321545613/ref=sr_1_1?ie=UTF8&qid=1479150755&sr=8-1&keywords=net+framework+design+guidelines

It is by far the best book on API design for any language. I highly recommend it no matter what you program in.

Plus it explains what the .NET developers were thinking when they created it, so you'll get a better understanding of how the APIs were laid out. This not only helps you find what you need faster, but also makes it easier to create new libraries that feel like the built-in ones.

Best way to do it is to learn by doing. Bury yourself in a personal project and use Google as your best friend. I'm unsure of what type of code you are looking to write but if you are leaning towards Front End development and would rather read a book first, Javascript: The Good Parts was a good read.

Advanced

Medium

Old, but probably still relevant

Yet to be released, but you can get the in progress pdf from the publisher

Docs

The one that everybody recommends

HTML5 spec

HTML5Rocks

Latest Webkit News

Other than that build build build. Make demos and play. Ask questions here or on stackoverflow and read other people's code. Also, lots of great old JSConf videos out there.

It's the standard reference for web application testing. I'm a security consultant who spends a significant portion of my time reviewing web applications and we hand WAHH to every junior who comes on board, while intermediate/senior testers brush up on it periodically alongside the OWASP Testing Guide.

Once you're comfortable with the material in WAHH, also check out The Tangled Web: A Guide to Securing Modern Web Applications which starts to look into browser mechanics and their impact on web application security.

I think very poorly of the cyber security courses offered (except NUS) in Singapore, as the things they teach are not aligned with the industry practices - either outdated or just not practical enough.

Having said that, if you have the time, I would suggest taking the SIT degree instead of the diplomas (waste of time IMO) and hopefully it provides you the fundamentals (programming, network and system administration) and be exposed to some other topics in cybersecurity.

If you are doing a career switch, I suppose you want to get up to speed fast by focusing on the need to have knowledge as a baseline. I would suggest taking the time to go through these stuff in details, setup your labs and practice the stuff

1. https://www.cybrary.it/course/comptia-network-plus/
   
2. https://www.amazon.com/Kali-Linux-Revealed-Penetration-Distribution/dp/0997615605
   
3. https://www.amazon.com/Network-Security-Assessment-Know-Your/dp/149191095X
   
4. https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
   
   Other wise, there are hands on courses and industry certifications that you can take online at your own pace and employers look out for such as:
   
   
5. https://www.elearnsecurity.com/training_paths/ (eLearnSecurity is good because they have a progression path from student onwards )
   
6. https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (I don't encourage going for this as a starter unless you already have some fundamental knowledge and skillets for system administrations but this is highly recognised in the industry)
   
7. You can also go for SANS or what not, I think it's just too expensive for my liking.
   
   There is no one path to becoming a good pentester. However from my observations, folks who tend to be more in demands (with or without certifications/formal educations) are those who can display the ability to learn stuff on their own. This is an industry of skills and continuous learning. For employers that pay top dollar and provide time for training, learning and research, they are looking for folks who can display those stuff through actions.
   
   ​
   
   Source: Pentester