Penetration Testing mailing list archives

Re: Useful skills for Web Penetration tester to have


From: circut () felinemenace org
Date: Tue, 14 Jun 2005 17:31:19 +0000 (UTC)


The CEH certificate really doesn't deal with discovering your own security holes in code. It focuses more on using the code / tools that are available at the time. For example, when I took the class, IIS bugs were rampant, so the instructor basically passed out a zip file of every IIS exploit out at the time, and told us to try and exploit the webserver... Just don't go into the class thinking it will make you a programmer.

Also, the class was limited to the Windows scope of things. Sure, we discussed a little bit of Linux stuff, but about 80% of the class was Windows related... Just something to keep in mind if you already have a strong Windows background.

As for things they discuss:

Wifi, wardialing (yes, they do), network scanning with nmap / superscan, sniffing with Ethereal & tcpdump, using whois / dig / nslookup to find contact info, bruteforcing Ciscos, Google diving (ex: finding a Cisco password from a config submitted to a forum or so), some SQL injection, and changing variable values in GET / POST applications via proxy or just editing a local copy of the form, about 30 minutes of buffer overflows... But other than that it's really more focused on teaching you to use the tools for attacks and vulnerabilities that are already out there.

-circut

On Tue, 14 Jun 2005 lloyd () treleven freeserve co uk wrote:

I have been a software tester for the past five years, mainly testing Windows applications. And I am interested in gaining the CEH certificate. What other skills should I look at gaining? E.g. ASP, PHP etc?


