Security Basics mailing list archives
Re: Penetration tester skill set,
From: scott <redhowlingwolves () bellsouth net>
Date: Mon, 24 Jul 2006 20:50:40 -0400
IRM wrote:
All, I am new to the list and also to the security. I hope this is the right forum to ask a question since it is called "security-basic" forum. I came across to the archive on this forum and found an interesting post called "Death of the security community" (http://www.securityfocus.com/archive/105/428207/30/1590/threaded) Straight to the point, I would like to know; what is the 'typical' skill set that a penetration tester should have. The reason why I asked this question is because part of penetration testing is a vulnerability assessment. On most of the penetration testing report it's required you to insert the "proof of concept" section on how to get in to the specific condition maybe in this case an administrator/root privilege. Running tools like Rainbow Crack or Nessus does not required a lot of skill. In fact it is something that everyone can do! This is definitely does not bring any values to the customer. At the same time, I need to be a realistic too that finding a bug and writing the exploit as a proof of concept are required a lot of effort. For some reason I can see a dilemma in here. So back to my question; what is the typical skill set that a penetration tester should have? Can anyone in here give me some light about this? J --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
That is a question that's pretty hard to answer.First off,I believe any pentester should know alot of os'es,i.e.Different flavors of windows,linux and all the different bases of *nix,and understand how they work. Next,I would say some kind of background in network security,firewall configuration for everything from small to large LAN's,how IT works in general,plus have a lot of people skills. Programming skills aren't mandatory,but if you don't have the experience to be able to decipher the code you may have to examine for holes,you will probably have a real hard time interpreting what the tools are telling you. IMHO,some degrees are a waste of time for pentesting,but others are essential.Learning how systems interact,all the different protocols,ways information are fed thru a system.
These skills take time and patience to learn well.A good mentor,i.e. school professor,mathematicians,anyone with strong analytical skills can sometimes help in your hard to come by insights.
Ther is so much more,I don't have enough time,or space to get into.Maybe some other members of this forum can set you on a better course than me. Good luck,if this is something you would like to get into.I hope your path is made easier by good guidance by quality people.
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Penetration tester skill set, IRM (Jul 24)
- Re: Penetration tester skill set, scott (Jul 25)
- Re: Penetration tester skill set, Ayaz Ahmed Khan (Jul 27)
- Re: Penetration tester skill set, scott (Jul 25)
- Re: Penetration tester skill set, Michal Merta (Jul 26)
- Re: Penetration tester skill set, Alice Bryson <abryson () bytefocus com> (Jul 27)
- <Possible follow-ups>
- Re: Re: Penetration tester skill set, mw (Jul 27)
- Re: Penetration tester skill set, scott (Jul 25)