Where to start studying IB?

Hello, dear friends! This morning I became interested in information security (mostly web, reversing not interested) and want to get as much knowledge as possible in a short period of time, therefore, constitute the plan that will work. I would like your advice, where better to start, what to pay more attention. Ask not for hype, I want to hear as many advices of the collective mind, so that nothing is missed and put in my head. Welcome links to resources, useful tools, personal opinion, but in General all that relates to the topic. How would you approach the study of information security?

At the moment I know: programming languages C++ and Python (+ a General understanding of programming, so learning new languages is not a problem), just basic knowledge of XSS and SQLinj mechanisms, OllyDbg+IDAPro (used for debugging), Linux know at the level of the experienced user.

Here's a list of what you need to know and understand, add please:
- PHP (Laravel/Yii2/Symfony);
- SQL Injection, XSS;
Device network network protocols;
June 5th 19 at 22:01
4 answers
June 5th 19 at 22:03
Well, since 60% of the web is php, I think you should start with him.
Then all sorts of SQL and SQL injection
What level of php you need to have? Because I studied him, remember the principle to 4 out of 10 - nikita.Stracke commented on June 5th 19 at 22:06
The deeper the better. :) Filter/data validation, type conversion, chips non-strict dynamic typing, have an idea about the big three frameworks (Laravel/Yii2/Symfony). - Giles_Luettgen18 commented on June 5th 19 at 22:09
that is all the same frameworks will have to learn) Okay, thanks! - nikita.Stracke commented on June 5th 19 at 22:12
Many projects are written on them. So knowing the strengths and weaknesses of each of them you can understand how protected the application. - Giles_Luettgen18 commented on June 5th 19 at 22:15
June 5th 19 at 22:05
With the paranoia. First you have to learn to look for places where they can hide problems. SQL injection is one of them with its own name. As a consequence, learn to close them, or change your code to SQL injection not climbed, or analysis of interface and data processing, so as not climbed any parameter in the wrong place, and so on.
Well, how can we learn to find problems? Probably just practice? It seems there are special websites specifically designed to search for vulnerabilities - nikita.Stracke commented on June 5th 19 at 22:08
June 5th 19 at 22:07
Information security in the web is not only injection. This morning on the Toaster was the theme that resonates with your 99%.
Take a look:
What literature about the sniffers, network analyzers, can be read?
Thanks, a useful book, take note! - nikita.Stracke commented on June 5th 19 at 22:10
June 5th 19 at 22:09
OWASP and look for a mentor or a place for future work

Find more questions by tags Information security