Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Programming skills for Pen Testers

from [Muhammad Omar Khan] Network Security [Permanent Link]
Subject: RE: Programming skills for Pen Testers
Date: Sat, 11 Feb 2006 09:24:51 +0500 

In my opinion Penetration Testing is a process of implementing and
implanting 'concepts' appropriately. At high level Pen tester should have a
clear vision and a clear understanding of steps involved in Pen Testing.
Most of the security professionals today use popular and well known pre
build tools available in market today, out of which some are really worth
using.

In few scenarios one can emphasize on creating his own toolkit or exploits
for which c/c++ along with the working knowledge of Assembly would be an
obvious choice. Skills in these languages will enable anyone to go deeper
down the system and these languages are always an affective base for all the
other languages.

[Best]

 -Omar

-----Original Message-----
From: Terry Vernon [mailto:tvernon24@comcast.net] 
Sent: Saturday, February 11, 2006 1:27 AM
To: 'johnny Mnemonic'; pen-test@securityfocus.com
Subject: RE: Programming skills for Pen Testers

Since programming skills aren't a "have it or die" requirement to do the job
it would seem it's all up to preference. I would say however, from
preference, that learning C opened up several pathways for me when I was
getting into pen-testing, which was a graduated path that came after my
script kiddy period. Also knowing C gives the ability to read almost every
other major coding language used in app development today with minimal trips
to Google. 

I'd say if you know one, you can wing it in the other. So go with the one
you feel most comfortable with. I'd pick C for its historic value and the
fact that C++ is simply C with improvements.

-Terry

-----Original Message-----
From: johnny Mnemonic [mailto:security4thefainthearted@hotmail.com] 
Sent: Thursday, February 09, 2006 11:42 PM
To: pen-test@securityfocus.com
Subject: Programming skills for Pen Testers 

ok we all know that in addition to good network, host and application 
security skills, programming in C is a pre-requisite for a decent pen tester

or at least one who wants to write their own security tools or simply audit 
the open source code they use. My question is, despite their similarities 
should a pen tester be concentrating on C or C++ ? That's it!

Thanks.

_________________________________________________________________
Get MSN Hotmail alerts on your mobile. 
http://mobile.msn.com/ac.aspx?cid=uuhp_hotmail


----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---


----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Converged Network Assessment, Joseph Seanor
Next by Date:  Re: Penetration test of 1 IP address, pagvac
Previous by Thread:  RE: Programming skills for Pen Testers, Terry Vernon
Next by Thread:  Re: Programming skills for Pen Testers, Justin Ferguson
Indexes:  [Date] [Thread] [Top] [All Lists]