For those interested in learning about IT security or sharpening their skills, there are free websites that provide great resources and a safe training ground for new professional security professionals/ethical hackers. Even for veterans in the field, these sites can either help you confirm what you already know or broaden your knowledge. Before you start – Having a background in IT is recommended. While you don’t need to be an expert, having some knowledge will go a long way in being able to understand and complete some of the exercises.
- OWASP (Open Web Application Security Project). This is a security community with a mission to keep users informed and kept up-to-date about critical application security flaws currently being exploited. This includes an annual list of Top 10 Most Critical Web Application Security Risks, describing what they are, example attacks and how to avoid them. Additionally, OWASP provides free resources (videos/guidelines) for developers to test and review their own code for vulnerabilities.
- asecuritysite.com. Not only does this site provide a great selection of theoretical reading, challenges and sample tests for certification exams (e.g. A+, CCNA, ethical hacker to name just a few) but it also teaches you the basics of Cryptography in simple/digestible language. There are also practical calculators to help you understand how Crypto mathematics works e.g. Simple RSA and DSA Calculators.
- hackthissite.org. This is a free training ground for white hackers of all levels. This takes a no-nonsense, learn-by-doing approach to teaching. Once you have signed up, you literally need to hack your way through all the basic levels until you “graduate” to the intermediate and hard levels. Each level provides a new lesson about insecure coding. Although it takes some patience and persistence to complete some of the exercises, the personal rewards are well worth it! Hacking websites is not legal and can lead to criminal charges so for those who have those intentions, this isn’t for you. However, for ethical hackers or site developers/administrators who are interested in developing safer sites and up for the challenge, then go for it!
Of-course, if you are still needing more information about anything, there is great community at http://security.stackexchange.com/!