Web or network pentesting?

I

its_y0u2017-05-01 01:32:38

Computer networks

its_y0u, 2017-05-01 01:32:38

Good time of the day!
Here is the question:
In what area is pentesting more in demand, in the field of web technologies, or the security of corporate networks?
A little about myself - I study in the specialty Cybersecurity, with regard to skills in information security - I know typical web vulnerabilities and have practical experience in exploiting them, went through a full cycle of "baghunting", from finding a vulnerability in a service to reporting to developers (for which, by the way, even They didn’t say thank you, although the vulnerability made it possible to attack sensitive service accounts, and the attack was quite successful, but it doesn’t matter while I’m still learning - I don’t care much about the material side :)) I’m
more interested in where to go to work next?
There are no information security offices in my city (especially those associated with pentesting), working remotely is only bag hunting, which in itself is unstable, because it is not known in advance - they will say thank you, pay something, or start UD. I know about bugbounty sites, but it's still too early for me, my skills are too weak. There are 2 further development paths:
1) Go to web development courses (I’m not interested in coding, just to better understand how it all works (Now I know Python with a cap, I can sketch a parser on it, an exploit if necessary, a tool for automation, but no more , before that I wrote all this in php, so I know it at a roughly similar level)), but I have no idea where to go after these courses
2) Take a course on networks and administration, and then work in the direction of pentesting networks, if nothing works out with this, work as an administrator, well, or a security guard in an office (which is about the same in the CIS)
If in the second option I have an emergency exit, then in the first one - no, sawing business card sites, pulling templates on wp - this is not for me, even though they pay very good money for this. I want to deal with information security, I really like baghunting, if not for all these nuances - this is exactly what I would like to do after I found my first bug in the wild (Before that, I read a lot, I was afraid that it would not work out) - I couldn’t normally sleep all night, but also do not want to starve in the future and wait until at least someone pays even a drop of money for the problem found.
I will not combine these two paths, I think that you need to be a highly specialized specialist in one area.
I will be grateful for any answers

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

Reverse, 2018-02-09
@kachora

Hello these! How are you doing? A lot of time has passed since then, something has moved for the better? I'm experiencing the same thing as you wrote, I would also like to go to IB while I'm learning python and kali and other things that are boring at first.
There are also a lot of detailed answers on the topic of searching for a specialty in cyber security, though in English.

F

f9k56, 2017-05-01
@f9k56

The security guard is more optimal, the demand for them will only grow. But no coding.

V

Valentin, 2017-05-02
@vvpoloskin

If you look at hh.ru or my notorious circle, even in the default city there are practically no vacancies for pentest, to say nothing about the periphery. It is all the work in information security in large organizations that are not specialized in information security that is based on working with documents - taking into account risks and coordinating any decisions. Well, or as a watchman - allow or prohibit. I will assume that the work that you are interested in does not shine in the public, you need to live on anti-chat, gain a reputation and you will be included in some business chain.