Security Basics mailing list archives
Re: Where to start?
From: krymson () gmail com
Date: 31 May 2007 18:41:25 -0000
Honestly, I could ramble on this topic for days, but I'll try to just offer up a slice. I already read the post about pentesting really requiring some programming and experience and such. This is true, and I would first recommend reading some books about the subject and getting the mind wrapped around the difference between a vulnerability assessment and a real pen-test (too often actual pen test shops still use the terms wrong!). For instance, a pen-test may do some programming whereas a vuln assessment may run scanners against things and that's about it. Tate Hansen posted an excellent diagram a while back (http://blog.clearnetsec.com/articles/2006/09/19/competing-for-network-based-security-assessments). Consider the Basic and Intermediate columns to be a vuln assessment and the Advanced steps to be a pen-test. Anyway, get used to scanning and seeing all kinds of stuff and just practice, practice, practice! Get to a point where you can do a pen-test/vuln assessment and know whether you are going to impact system uptimes. This is amazingly valuable and, in my books, the mark of a superior tester/assessor. "Oh, I didn't know a full Nessus scan with DoS testing would potentially freeze your Windows box...sorry!" is not a good pill to swallow. Do the breaking in your network or your friends' networks! :) <- snip -> Hello everyone, I'm looking forward to a career in the security field. Specifically, I'm interested in Pentesting. I concider myself "early" in my education, and have alot to learn, but my biggest concern is, where do I need to start? I mean, what do I need to learn about to become a pentester, and where can i gather and explore my knowlage? ... So, what information do i need to study to start getting a grasp of what I would be doing in my job? (other than just start hacking random computers, which I'd rather not do) I appreciate your help, Michael
Current thread:
- Where to start? graciejj_82 (May 30)
- RE: Where to start? Johnson, Joseph (May 31)
- Re: Where to start? Chris Halverson (May 31)
- <Possible follow-ups>
- Re: Where to start? flyingmunk (May 31)
- Re: Where to start? krymson (May 31)