What skills do you need to test website/application security?

B

Bauyrzhan (Baur) Sovetkali2018-05-31 11:49:01

Software testing

Bauyrzhan (Baur) Sovetkali, 2018-05-31 11:49:01

Hello.
Please tell me what skills are required in order to fully test the security of websites / applications?
1. For example, maybe you need to take a course in cryptography? If yes, what would you advise to study: books, courses, etc.
2. Do I need mathematics, any specific courses: linear algebra, etc. :)
3. What tools are needed? Now I have mastered Fiddler, OWASP ZAP.
4. What programming languages can be useful? I know a little PHP, JS.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

Konstantin Malyarov, 2018-05-31
@Konstantin18ko

Well, for starters, water can be considered a joke, but at the same time, take it seriously - knowledge of the Criminal Code of the country in which the object's safety will be tested.
Secondly, you need to warn the object in advance that its security will be tested, if the object tells you not to test its security, then you just have to refuse it.
What you need to know about security - first read the latest software news. New software version - new bugs, new vulnerabilities - we are looking for a vulnerability, we are looking for a company that uses this software and we offer a patch in exchange for money or a bug for money.
If you started learning PHP and JS - continue to study further expanding your knowledge in this area.
Learn new tools.
The most important thing is to determine the purpose of the hack! Hacking a site is not the goal. To get a privilege on the site by registering your user in the database, stealing a domain, registering a miner - this is the goal.