Security Basics mailing list archives
Re: Penetration tester skill set,
From: "Michal Merta" <michal.merta () gmail com>
Date: Tue, 25 Jul 2006 21:12:22 +0200
Agree with you, Scott. good knowledge of protocols and operating systems behaviour is almost mandatory and pen tester should start with this. I red interesting idea couple days ago. Good penetration tester should be trained for dealing with other people, because of Social engineering. The results from social engineering are very often incredible! Regards, Michal On 7/25/06, scott <redhowlingwolves () bellsouth net> wrote:
IRM wrote: > All, > > I am new to the list and also to the security. I hope this is the right > forum to ask a question since it is called "security-basic" forum. I > came across to the archive on this forum and found an interesting post > called "Death of the security community" > (http://www.securityfocus.com/archive/105/428207/30/1590/threaded) > > Straight to the point, I would like to know; what is the 'typical' skill > set that a penetration tester should have. The reason why I asked this > question is because part of penetration testing is a vulnerability > assessment. On most of the penetration testing report it's required you > to insert the "proof of concept" section on how to get in to the > specific condition maybe in this case an administrator/root privilege. > > Running tools like Rainbow Crack or Nessus does not required a lot of > skill. In fact it is something that everyone can do! This is definitely > does not bring any values to the customer. At the same time, I need to > be a realistic too that finding a bug and writing the exploit as a proof > of concept are required a lot of effort. For some reason I can see a > dilemma in here. > > So back to my question; what is the typical skill set that a penetration > tester should have? > > Can anyone in here give me some light about this? > > J > > > > > > > --------------------------------------------------------------------------- > This list is sponsored by: Norwich University > > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE > The NSA has designated Norwich University a center of Academic Excellence > in Information Security. Our program offers unparalleled Infosec management > education and the case study affords you unmatched consulting experience. > Using interactive e-Learning technology, you can earn this esteemed degree, > without disrupting your career or home life. > > http://www.msia.norwich.edu/secfocus > --------------------------------------------------------------------------- > > > One thing that i forgot:know the protocols for different layers in the whole ip stack.Or at least have a grasp for the way the different layers interact. Enough from me.I'm sure there are people better able to explain this than me. Just IMHO,my 2 or 3 cents worth. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
-- Michal Merta Network Security Engineer http://www.misuta.cz The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Penetration tester skill set, IRM (Jul 24)
- Re: Penetration tester skill set, scott (Jul 25)
- Re: Penetration tester skill set, Ayaz Ahmed Khan (Jul 27)
- Re: Penetration tester skill set, scott (Jul 25)
- Re: Penetration tester skill set, Michal Merta (Jul 26)
- Re: Penetration tester skill set, Alice Bryson <abryson () bytefocus com> (Jul 27)
- <Possible follow-ups>
- Re: Re: Penetration tester skill set, mw (Jul 27)
- Re: Penetration tester skill set, scott (Jul 25)