Honestly, I could ramble on this topic for days, but I'll try to just offer up
a slice.
I already read the post about pentesting really requiring some programming and
experience and such. This is true, and I would first recommend reading some
books about the subject and getting the mind wrapped around the difference
between a vulnerability assessment and a real pen-test (too often actual pen
test shops still use the terms wrong!). For instance, a pen-test may do some
programming whereas a vuln assessment may run scanners against things and
that's about it.
Tate Hansen posted an excellent diagram a while back
(http://blog.clearnetsec.com/articles/2006/09/19/competing-for-network-based-security-assessments).
Consider the Basic and Intermediate columns to be a vuln assessment and the
Advanced steps to be a pen-test.
Anyway, get used to scanning and seeing all kinds of stuff and just practice,
practice, practice!
Get to a point where you can do a pen-test/vuln assessment and know whether you
are going to impact system uptimes. This is amazingly valuable and, in my
books, the mark of a superior tester/assessor. "Oh, I didn't know a full Nessus
scan with DoS testing would potentially freeze your Windows box...sorry!" is
not a good pill to swallow. Do the breaking in your network or your friends'
networks! :)
<- snip ->
Hello everyone,
I'm looking forward to a career in the security field. Specifically, I'm
interested in Pentesting. I concider myself "early" in my education, and have
alot to learn, but my biggest concern is, where do I need to start?
I mean, what do I need to learn about to become a pentester, and where can i
gather and explore my knowlage?
...
So, what information do i need to study to start getting a grasp of what I
would be doing in my job? (other than just start hacking random computers,
which I'd rather not do)
I appreciate your help,
Michael
