Re: Programming SKills for PT...?

[JoePete <joepete () joepete com>]

On Mon, 2009-05-04 at 21:02 +0530, Swaminathan, Balaji wrote:
> 1. What are the programming/scripting languages needed to accompolish
> the above?

This is a bit of a moving target, depending largely on what you are
trying to attack. This is why people work in teams. A simple case of
trying to attack a Web based application: You have browser scripting
(javascript), server scripting (PHP, .net, etc.), A database is probably
involved (SQL). That is before you even get to attacking the underlying
services (Apache, MySQL, etc.) or the OS. I would start by specializing.
Learn one technology/language really well and then move on. Don't try to
do everything at once.

> 2. I see most of the real hackers are well proficient in almost all of
> the the technologies like Networking, Application/WebApplcn testing, OS
> etc. Is it so...?

Not necessarily. They are really good problem solvers -- they do what it
takes to solve the problem and aren't afraid to fail 1000 times before
they get it right once. Again, learn one thing well first. Find people
who need your skills, work with them, learn from them. But you have to
make yourself valuable to them. Crawl before you walk, walk before you
run. The worst thing, whether you wear a white or a black hat, is
arrogance. Mentally, breaking and securing systems is really hard work
and frustrating.

--
JoePete


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------