The entry level cert in this area is the CEH. It's kind of looked down upon, like a lot of entry level certs are, but studying/working towards that isn't a bad thing.
Books:
- Practical:
The Web Application Hacker's Handbook 2nd Edition - Gives a very good overview and is a good place to start.
The Hacker Playbook 3: Practical Guide To Penetration Testing - #3 just came out. Haven't gone through my copy yet, but I've heard good things.
RTFM - Red Team Field Manual - Nice to have, quick reference guide
BTFM - Blue Team Field Manual - Like the above, but for the good guys ;)
- Covering the bigger picture, if you're curious (geopolitical):
The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age
The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries
Dark Territory: The Secret History of Cyber War
Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
CEH is a fucking joke created by a former marketing professional and it shows. It's always been a ho-hum cert that attests to the fact that you once heard about this nmap thing, but it was cheap resume fodder for someone looking for their first industry position.
They successfully lobbied the DoD to make it an option for 8570 compliance and, after becoming a government contractor, doubled the price immediately afterward.
CEH never taught anything useful or lasting even at its former price point, and it only exists now to soak up mandatory spending of government cheddar. (The cynic in me speculates that this was their intention all along.)
Don't bother with it unless someone else is footing the bill.
But it still gets looked down on. It's a running joke pretty much everywhere I've worked that if you see someone with CEH and/or CISSP in their email signature - like a badge of honour - you know you're going to be in for a real tough time.
Free: https://www.cybrary.it/
Cheap: https://www.pluralsight.com/