Penetration Testing mailing list archives
FW: Programming SKills for PT...?
From: "K K Mookhey" <kkmookhey () niiconsulting com>
Date: Thu, 14 May 2009 13:26:29 +0530
2009/5/4 Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com>:
Hi all, 1. What are the programming/scripting languages needed to accompolish the above?
More than the programming language, what's most important is to learn regular expressions. With that you can literally hack your way through quite a bit. Even if you understand basic regexes and can figure out where to apply these, a lot of avenues open up for you. My scripting language of choice happens to be Perl, and it's amazing how much a dozen lines of Perl code can accomplish. Ruby (being Metasploit's platform of choice) also is quite powerful. Besides this, if you learn about web application languages, that goes a long way when doing web-app related work. It's comparatively easier to find an SQL injection, than it is to give the right recommendation for the platform used by the client, unless you know ASP.NET or PHP or Java reasonably well. Similarly doing source code reviews requires a reasonably good understanding of the programming language being covered, even when using automated code scanners.
2. I see most of the real hackers are well proficient in almost all of the the technologies like Networking, Application/WebApplcn testing, OS etc. Is it so...?
Yes, of course this is quite true. And it's also probably one of the most interesting aspects about this line of work - there's never a dull moment. The minute you figure you've become 'good', a client comes along with a mainframe/SAP/SCADA/OpenVMS system that needs some assessments done!
3. Are there any other skills/requirements that you can suggest to be a successful Hacker?
IMHO, the key to being a successful hacker is 'creative discipline'. Hacking requires the ability to not give up easily, to try the new and the untested, and yet have the discipline to document, make sure all the feasible test cases have been run, all results have been analyzed, and within the time allotted for the assignment, you've gone about doing it in as systematic a manner as possible - the disciplined application of creativity...:) Cheerio, K. K. Mookhey http://www.niiconsulting.com http://www.iisecurity.in ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- FW: Programming SKills for PT...? K K Mookhey (May 14)