agreed. if you need to provide a PoC in your report, you better do it
in shell scripting, python or perl. otherwise you won't have enough
time and your business won't make profit from your orders.
these scripting languages are ideal for web hacking. if you consider
that most external attacks are web-based, that makes low level
programming languages unnecessary for a pentester.
On 2/10/06, thomas springer <tuevsec@gmx.net> wrote:
johnny Mnemonic wrote:
ok we all know that in addition to good network, host and application
security skills, programming in C is a pre-requisite for a decent pen
tester or at least one who wants to write their own security tools or
simply audit the open source code they use. My question is, despite
their similarities should a pen tester be concentrating on C or C++ ?
That's it!
Time is money - your customers money. Most of my pentest-programming is
quick and dirty and has to be highly adoptable - therefore it is usually
done in high-level-languages like perl, python, vbscript, even nessus'
nasl-language using external tools (hping etc) where applicable.
i won't even think of doing object-oriented c++-programming for a pentest.
things get different if you think of creating a "big" product like
nessus or iss-scanner - but if you code stuff like this you are probably
more a coder than a pentester... :)
tom
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
