J
J
JewrySoft2020-04-28 19:59:20
IT education
JewrySoft, 2020-04-28 19:59:20

What does a pentester need to know?

Here, I thought, IB is legal norms. And for me it is easier to be a pentester with opportunities than an Ibshnik with limitations. Advise materials, books, sources, sites where you can really get "suitable" information, well, up-to-date. And then Information Security from Biryukov is only for system administrators.

Hate is allowed :)

Answer the question

In order to leave comments, you need to log in

4 answer(s)
M
misterbelarus1, 2020-04-29
@JewrySoft

If you have experience with the technical side of IT, then to start you can consider the following:
- an ethical hacker certificate from the EC Council ( https://www.eccouncil.org/programs/certified-ethic...
- Kali Linux (preferably create your own network sandbox at home and try to play with components ( WireShark, Burp Suite ....)
- Bug Bounty Program ( https://www.bugcrowd.com/bug-bounty-list - a service that allows companies to identify vulnerabilities before they are criminals will find out.Any pentester can try to find vulnerabilities and report them for a reward)
Skills that can be highly welcome:
1) Basic knowledge of networking, TCP IP / OSI model stack
2) be good friends with the command line
3) Ability to write a competent report on vulnerabilities
4) Focus on constant creative thinking
5) Understanding the business goals of testing
6) Knowledge of one or more programming languages ​​(but it all depends on what your specialization is. There are testers who only need a set of Kali Linux and excellent knowledge of OS administration)
PS: I don't do pentesting, but I often have to work with the reports they provide. Good luck with your direction!

S
Sergey Gornostaev, 2020-04-28
@sergey-gornostaev

These things are not taught anywhere. First you become a professional programmer with a broad outlook and deep knowledge, and then you learn on your own in a research mode. To hack a site like Habr, you must first be able to write a site like Habr.

D
dmshar, 2020-04-28
@dmshar

Recommend materials, books, sources, sites where you can really get "suitable" information, well, up-to-date -
The first thing a pentester needs is the ability to INDEPENDENTLY find answers, at least to the simplest, basic questions. And "suitable" information can be obtained everywhere - from the university to Google. The main thing - not "Where" to study, the main thing - "To be able" to study.

A
Alexander, 2020-04-28
@NeiroNx

Any pentester knows many programming languages, knows their features, knows the patterns of writing code, knows where vulnerabilities can occur. Knows how networks work - all levels of the OSI model.
He must also abide by the "moral code": to be on the light side of the force even when cookies are offered on the dark side.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question