Security Basics mailing list archives
RE: Programming SKills for PT...?
From: "K K Mookhey" <kkmookhey () niiconsulting com>
Date: Fri, 8 May 2009 11:08:25 +0530
2009/5/4 Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com>:
Hi all, 1. What are the programming/scripting languages needed to accompolish the above?
More than the programming language, what's most important is to learn regular expressions. With that you can literally hack your way through quite a bit. Even if you understand basic regexes and can figure out where to apply these, a lot of avenues open up for you. My scripting language of choice happens to be Perl, and it's amazing how much a dozen lines of Perl code can accomplish. Ruby (being Metasploit's platform of choice) also is quite powerful. Besides this, if you learn about web application languages, that goes a long way when doing web-app related work. It's comparatively easier to find an SQL injection, than it is to give the right recommendation for the platform used by the client, unless you know ASP.NET or PHP or Java reasonably well. Similarly doing source code reviews requires a reasonably good understanding of the programming language being covered, even when using automated code scanners.
2. I see most of the real hackers are well proficient in almost all of the the technologies like Networking, Application/WebApplcn testing, OS etc. Is it so...?
Yes, of course this is quite true. And it's also probably one of the most interesting aspects about this line of work - there's never a dull moment. The minute you figure you've become 'good', a client comes along with a mainframe/SAP/SCADA/OpenVMS system that needs some assessments done!
3. Are there any other skills/requirements that you can suggest to be a successful Hacker?
IMHO, the key to being a successful hacker is 'creative discipline'. Hacking requires the ability to not give up easily, to try the new and the untested, and yet have the discipline to document, make sure all the feasible test cases have been run, all results have been analyzed, and within the time allotted for the assignment, you've gone about doing it in as systematic a manner as possible - the disciplined application of creativity...:) Cheerio, K. K. Mookhey http://www.niiconsulting.com http://www.iisecure.in ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Re: Skills needed to become a Security Expert and Penetration Tester? Joseph McCray (May 04)
- Message not available
- Re: Programming SKills for PT...? George Huber (May 08)
- Message not available
- Message not available
- Re: Programming SKills for PT...? Robin Wood (May 08)
- RE: Programming SKills for PT...? K K Mookhey (May 08)
- Re: Programming SKills for PT...? Robin Wood (May 08)
- Message not available
- Re: Programming SKills for PT...? JoePete (May 11)
- RE: Programming SKills for PT...? Swaminathan, Balaji (May 18)
- Re: Programming SKills for PT...? JoePete (May 11)