Penetration Testing mailing list archives
Re: career advice
From: psiinon <psiinon () gmail com>
Date: Thu, 24 Nov 2011 09:37:33 +0000
As an aside, if any pentesters want to get their hands dirty with a bit of coding, then a really good option is to enhance open source security software. I'm the project lead for the OWASP Zed Attack Proxy (http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) and we welcome all contributions ;) If you want to learn or improve your java skills then we've got plenty of things you could help with, and will do our best to support you if you want to contribute. So if you fancy doing something like implementing a new vulnerability check, or enhancing an existing one then please get in touch with me. Many thanks, Psiinon On Wed, Nov 23, 2011 at 6:13 PM, Dr. Lizzz <dr.lizzz () gmail com> wrote:
On Wed, Nov 23, 2011 at 6:17 AM, Enis Sahin <enis.c.sahin () gmail com> wrote:There are great replies posted but I just wanted to share my thoughts about programming skills and hacking/pentesting in short. Being able to read code and understand it is essential just like everybody said. Being able to write code is a little different in my opinion. I was getting things done without writing my own code and tools/scripts developed by others was satisfying my needs for some time. It's only after I had some years of experience I had a better attacker mind set and wanted/needed to utilize more elaborate strategies, then the free tools started falling short of satisfying my needs. I find it analogous to playing a musical instrument. When your understanding and ideas of music exceeds a certain threshold you stop playing cover songs and start innovating :) EnisPeople who can read code can write code. Maybe not fast, maybe not optimally, but reading and understanding code implies that you know all the syntax and semantics you will encounter. If you don't know what you don't know, you don't know what you do know. It strikes me that if people really understood what they were writing half the time, the net would be a much safer place. I'd suggest the original poster stick with network security, or see what interviewing turns up. No sense in learning something that you won't need unless you feel driven in that direction. lizzz ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- career advice Nathalie Vaiser (Nov 22)
- RE: career advice Iman Louis (Nov 22)
- Re: career advice Robin Wood (Nov 22)
- Re: career advice Ali-Reza Anghaie (Nov 22)
- Re: career advice David Glosser (Nov 22)
- Message not available
- Re: career advice Nathalie Vaiser (Nov 22)
- Re: career advice Enis Sahin (Nov 23)
- Message not available
- Re: career advice Enis Sahin (Nov 23)
- Re: career advice Dr. Lizzz (Nov 23)
- Re: career advice psiinon (Nov 24)
- Re: career advice David Glosser (Nov 22)
- Re: career advice tom (Nov 23)