Penetration Testing mailing list archives
Re: Programming skills for Pen Testers
From: intel96 <intel96 () bellsouth net>
Date: Sun, 12 Feb 2006 13:08:26 -0500
I think having some basic programming skills are a must when doing pen-testing and other security work (e.g. looking at virus code, finding systems changes, etc.). Over the years I have learned how to debug code, decompile code, and even writing my own tools, because some of the open source did not meet my requirements. I subscribe to developer magazine and forums to learn. I even pay to have private one-on-one classes with some of my commercial security tools developer friends to learn more. In this fast pace security environment in pays to keep ahead of the Jones................................ (and yes I have a life outside of work ;) FocusHacks wrote: I honestly don't think that programming in C is any sort of a
prerequisite for a penetration tester. It's perhaps a pre-requisite for a security researcher. There was a discussion not long ago where we talked about how many pen-testers actually sit down, wade through other peoples' code look for exploitable code, and write PoC code. Not many pen-testers do this. First off, if a person has those sort of skills, they can probably make more money in development QA than they can as a pen-tester, and next off, that sort of task takes a LOT of time, and they wouldn't have enough time in a week to get any pen-tests in, if they were sitting in front of a computer all day long grokking code. C++ is object oriented C. If you learn C++, you'll learn C, and if you learn C, learning C++ isn't hard, but learning how to think object-oriented causes some people problems. Most normal UNIX stuff is just written in plain old vanilla C, though. On 2/9/06, johnny Mnemonic <security4thefainthearted () hotmail com> wrote:ok we all know that in addition to good network, host and application security skills, programming in C is a pre-requisite for a decent pen tester or at least one who wants to write their own security tools or simply audit the open source code they use. My question is, despite their similarities should a pen tester be concentrating on C or C++ ? That's it! Thanks. _________________________________________________________________ Get MSN Hotmail alerts on your mobile. http://mobile.msn.com/ac.aspx?cid=uuhp_hotmail ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 --------------------------------------------------------------------------------- http://www.FocusHacks.com - The Ford Focus Modification Site! ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Programming skills for Pen Testers johnny Mnemonic (Feb 10)
- RE: Programming skills for Pen Testers Terry Vernon (Feb 10)
- RE: Programming skills for Pen Testers Muhammad Omar Khan (Feb 11)
- Re: Programming skills for Pen Testers Justin Ferguson (Feb 10)
- Re: Programming skills for Pen Testers FocusHacks (Feb 11)
- Re: Programming skills for Pen Testers intel96 (Feb 12)
- RES: Programming skills for Pen Testers 7978488 (Feb 12)
- Re: Programming skills for Pen Testers intel96 (Feb 12)
- Re: Programming skills for Pen Testers thomas springer (Feb 11)
- Re: Programming skills for Pen Testers pagvac (Feb 11)
- RE: Programming skills for Pen Testers Sahir Hidayatullah (Feb 11)
- <Possible follow-ups>
- RE: Programming skills for Pen Testers Shenk, Jerry A (Feb 11)
- RE: Programming skills for Pen Testers jeremiah (Feb 11)
- RE: Programming skills for Pen Testers Craig Wright (Feb 12)
- RE: Programming skills for Pen Testers johnny Mnemonic (Feb 12)
- Re: Programming skills for Pen Testers Jeremy Saintot (Feb 28)
- Re: Programming skills for Pen Testers Justin Ferguson (Feb 28)
(Thread continues...)
- RE: Programming skills for Pen Testers Terry Vernon (Feb 10)