Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

FW: Programming SKills for PT...?

From: "K K Mookhey" <kkmookhey () niiconsulting com>
Date: Thu, 14 May 2009 13:26:29 +0530
2009/5/4 Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com>:


Hi all,

1. What are the programming/scripting languages needed to accompolish
the above?

More than the programming language, what's most important is to learn
regular expressions. With that you can literally hack your way through quite
a bit. Even if you understand basic regexes and can figure out where to
apply these, a lot of avenues open up for you. My scripting language of
choice happens to be Perl, and it's amazing how much a dozen lines of Perl
code can accomplish. Ruby (being Metasploit's platform of choice) also is
quite powerful. Besides this, if you learn about web application languages,
that goes a long way when doing web-app related work. It's comparatively
easier to find an SQL injection, than it is to give the right recommendation
for the platform used by the client, unless you know ASP.NET or PHP or Java
reasonably well. Similarly doing source code reviews requires a reasonably
good understanding of the programming language being covered, even when
using automated code scanners.


2. I see most of the real hackers are well proficient in almost all of
the the technologies like Networking, Application/WebApplcn testing, OS
etc. Is it so...?

Yes, of course this is quite true. And it's also probably one of the most
interesting aspects about this line of work - there's never a dull moment.
The minute you figure you've become 'good', a client comes along with a
mainframe/SAP/SCADA/OpenVMS system that needs some assessments done!


3. Are there any other skills/requirements that you can suggest to be a
successful Hacker?

IMHO, the key to being a successful hacker is 'creative discipline'. Hacking
requires the ability to not give up easily, to try the new and the untested,
and yet have the discipline to document, make sure all the feasible test
cases have been run, all results have been analyzed, and within the time
allotted for the assignment, you've gone about doing it in as systematic a
manner as possible - the disciplined application of creativity...:)

Cheerio,

K. K. Mookhey
http://www.niiconsulting.com
http://www.iisecurity.in 




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: