What does a pentester need to know?
Here, I thought, infosec is all legal norms. And for me it is easier to be a pentester with opportunities than an infosec officer with limitations. Please recommend materials, books, sources, and sites where you can really get "suitable", up-to-date information. And "Information Security" by Biryukov is only for system administrators.
Hate is allowed :)
If you have experience with the technical side of IT, then to start you can consider the following:
- an ethical hacker certificate from the EC Council ( https://www.eccouncil.org/programs/certified-ethic...
- Kali Linux (preferably create your own network sandbox at home and try to play with components (Wireshark, Burp Suite, ...))
- Bug Bounty Program ( https://www.bugcrowd.com/bug-bounty-list - a service that allows companies to identify vulnerabilities before criminals find them. Any pentester can try to find vulnerabilities and report them for a reward)
Skills that can be highly welcome:
1) Basic knowledge of networking, the TCP/IP stack and the OSI model
2) Being good friends with the command line
3) Ability to write a competent report on vulnerabilities
4) Focus on constant creative thinking
5) Understanding the business goals of testing
6) Knowledge of one or more programming languages (but it all depends on what your specialization is. There are testers who only need a set of Kali Linux and excellent knowledge of OS administration)
PS: I don't do pentesting, but I often have to work with the reports they provide. Good luck with your direction!
These things are not taught anywhere. First you become a professional programmer with a broad outlook and deep knowledge, and then you learn on your own in a research mode. To hack a site like Habr, you must first be able to write a site like Habr.
Recommend materials, books, sources, sites where you can really get "suitable" information, well, up-to-date -
The first thing a pentester needs is the ability to INDEPENDENTLY find answers, at least to the simplest, basic questions. And "suitable" information can be obtained everywhere, from the university to Google. The main thing is not "where" to study; the main thing is "to be able" to study.
Any pentester knows many programming languages, knows their features, knows the patterns of writing code, knows where vulnerabilities can occur. Knows how networks work - all levels of the OSI model.
He must also abide by the "moral code": to be on the light side of the force even when cookies are offered on the dark side.