Re: Programming skills for Pen Testers

[pagvac <unknown.pentester () gmail com>]

agreed. if you need to provide a PoC in your report, you better do it
in shell scripting, python or perl. otherwise you won't have enough
time and your business won't make profit from your orders.

these scripting languages are ideal for web hacking. if you consider
that most external attacks are web-based, that makes low level
programming languages unnecessary for a pentester.

On 2/10/06, thomas springer <tuevsec () gmx net> wrote:
> johnny Mnemonic wrote:
>
> > ok we all know that in addition to good network, host and application
> > security skills, programming in C is a pre-requisite for a decent pen
> > tester or at least one who wants to write their own security tools or
> > simply audit the open source code they use. My question is, despite
> > their similarities should a pen tester be concentrating on C or C++ ?
> > That's it!
>
> Time is money - your customers money. Most of my pentest-programming is
> quick and dirty and has to be highly adoptable - therefore it is usually
> done in high-level-languages like perl, python, vbscript, even nessus'
> nasl-language using external tools (hping etc) where applicable.
> i won't even think of doing object-oriented c++-programming for a pentest.
>
> things get different if you think of creating a "big" product like
> nessus or iss-scanner - but if you code stuff like this you are probably
> more a coder than a pentester... :)
>
> tom
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------


--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------