Penetration Testing
Re: career advice Nov 23 2011 04:11AM
Nathalie Vaiser (nvaiser gmail com) (2 replies)
Re: career advice Nov 23 2011 02:49PM
tom (tom g13net com)
Re: career advice Nov 23 2011 02:17PM
Enis Sahin (enis c sahin gmail com) (1 replies)
Re: career advice Nov 23 2011 06:13PM
Dr. Lizzz (dr lizzz gmail com) (1 replies)
Re: career advice Nov 24 2011 09:37AM
psiinon (psiinon gmail com)
As an aside, if any pentesters want to get their hands dirty with a
bit of coding, then a really good option is to enhance open source
security software.

I'm the project lead for the OWASP Zed Attack Proxy
(http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) and we
welcome all contributions ;)

If you want to learn or improve your java skills then we've got plenty
of things you could help with, and will do our best to support you if
you want to contribute.
So if you fancy doing something like implementing a new vulnerability
check, or enhancing an existing one then please get in touch with me.

Many thanks,

Psiinon

On Wed, Nov 23, 2011 at 6:13 PM, Dr. Lizzz <dr.lizzz (at) gmail (dot) com [email concealed]> wrote:
>
> On Wed, Nov 23, 2011 at 6:17 AM, Enis Sahin <enis.c.sahin (at) gmail (dot) com [email concealed]> wrote:
> > There are great replies posted but I just wanted to share my thoughts
> > about programming skills and hacking/pentesting in short.
> >
> > Being able to read code and understand it is essential just like
> > everybody said. Being able to write code is a little different in my
> > opinion. I was getting things done without writing my own code and
> > tools/scripts developed by others was satisfying my needs for some
> > time. It's only after I had some years of experience I had a better
> > attacker mind set and wanted/needed to utilize more elaborate
> > strategies, then the free tools started falling short of satisfying my
> > needs.
> >
> > I find it analogous to playing a musical instrument. When your
> > understanding and ideas of music exceeds a certain threshold you stop
> > playing cover songs and start innovating :)
> >
> > Enis
>
> People who can read code can write code.  Maybe not fast, maybe
> not optimally, but reading and understanding code implies that you
> know all the syntax and semantics you will encounter.  If you don't
> know what you don't know, you don't know what you do know. It
> strikes me that if people really understood what they were writing
> half the time, the net would be a much safer place.
>
> I'd suggest the original poster stick with network security, or
> see what interviewing turns up. No sense in learning something
> that you won't need unless you feel driven in that direction.
>
> lizzz
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus