Learning Resources For Students & Novices

How Do I Get Started In Information Security?

This is a question I get asked every time I talk to college students. A lot of people want to learn about InfoSec, but they have no idea how. The answer for most people is: You have to teach yourself. Even for experienced professionals, InfoSec is about constant self-teaching. This is the nature of the industry. When it comes to information security, defense is all about being one step ahead of the offense; this is why companies hack themselves, and why whitehats are always researching new exploits.

Below is a list of resources that you can use to teach yourself about InfoSec. If there’s not a link, just Google it. While this might not sound helpful, I’ve learned about a lot of things just by hearing a term for the first time and then reading the Wikipedia article for it. If you notice anything wrong with this page, feel free to contact me or open an issue on GitHub.

Web Application Vulnerabilities


This section is WIP, but decent explanations for all of these can be found by Googling.

  • Journey Into Cryptography - Khan Academy course, highly recommended that you start here.
  • AES cipher explained in comic form
  • Known- / Chosen- / Adaptive Chosen Plaintext Attacks
  • Known- / Chosen- / Adaptive Chosen Ciphertext Attacks
  • Brute Force Attack
  • Side-Channel Attack
  • Frequency Analysis (Applies to classical ciphers)
  • Collision Attack
  • Birthday Attack
  • Padding Oracle Attack
  • Replay Attack

Hashing and Password Storage

Penetration Testing


The best way to truly learn something is to practice it once you have an idea of the basic concepts. Making mistakes and learning how and why something works or doesn’t work is key to gaining a deeper understanding of technical concepts. Below are some challenges that you may use to test your knowledge and (hopefully) learn new things.

XSS Games

There are so many of these that they deserve their own section. Most of these challenges are great for beginners and a good way to learn about injection and filter evasion.