
Best programming language(s) for an aspiring penetration tester?

4
Hey guys, I am an aspiring penetration tester and I have been lurking around forums soaking up as much as I can and learning; however, I think it is time for the next step, but I need to know where it's best to start. I am currently learning Python because of its simplicity, yet from the standpoint of a penetration tester, would PHP be the way to go? I know it is widely used but it is losing ground to Python. I am also torn between learning C/C++ or Java next. I know they are both very versatile (Java maybe a little more) and great software development languages but again--what is best from the standpoint of a penetration tester? And last but not least, a .NET language I feel is necessary; would you recommend ASP, C# or Visual Basic? I have really no working knowledge of any of the aforementioned, and would appreciate help in deciding. Also--if you have a set of languages that work for you, but I didn't supply them here in my question, post it here; I am eager to know. I appreciate any help in the matter, and as always have a nice day!
Nov 14 '11 #1
9 16920
sicarie
4,677 Expert Mod 4TB
Neither, I'd go with Ruby. That's the language Metasploit is built in, so you can understand the exploits packaged in there.

For an aspiring pen-tester, I'd recommend Metasploit and Linux - specifically your favorite distribution of Linux running a virtual machine of something like DVL.

That's what I run, anyway, and what most of my colleagues run. Some of the paid-for apps are nice (Core Impact, EnCase, etc...) however you can't beat the free nmap/nessus/metasploit against DVL and creating reports from that.

I'm not sure you need to know a .net language - IMHO the only reason for knowing languages is to either write your own exploits, or do software whitebox/blackbox testing that searches for possible code issues that lead to a security issue.

If you're looking to do application security testing, it's an entirely different ballgame than pen-testing, and I'd recommend the OWASP suite.
Nov 15 '11 #2
Chuiy
4
What is application security testing? Would that be testing for buffer overflows and such? And what specifically does a penetration tester do then, since I had always assumed they kind of monopolized the whole playing field?
Nov 16 '11 #3
sicarie
4,677 Expert Mod 4TB
There's lots of fun to be had in the security field.

Device management usually goes towards firewalls, though IDS experience (like SourceFire - also free) comes in handy as well.

Policy management sets what the individual desktops/servers/network devices/firewalls log for and to where, as well as what is and is not allowed on a computer. (Such as NIST guidelines)

Application testing is to ensure code stability and security - things like buffer overflows, SQL injections, and other ways to escalate/abuse privilege.

Pen-testing is breaking into devices. This is usually a server, but network devices are high-value due to management networks and routes. This requires knowledge of all of the above.
Nov 16 '11 #4
Chuiy
4
Oh, that is awesome. As a penetration tester, are you generally given free rein over your methods, or are you restricted to certain methods, such as SQLi for example, in select cases? Thank you for your replies, I am learning a lot.
Nov 16 '11 #5
sicarie
4,677 Expert Mod 4TB
That depends mostly on your role, but also on your management.

Breaking into computers is interesting, however each time you do, or do not, you have to report on it - create a map of what you tried and why. The point of a vulnerability assessment is to determine the gaps in order to fix them. Due to this, I recommend a standard approach, and most shops teach their own approach.

If you work as an in-house tester you will probably have a bit more leniency (again, depending on your boss), however if you are a consultant, you will want to have EVERYTHING documented (so you don't get sued), and you'll probably have to follow a standard process.
Nov 16 '11 #6
Python is a good one too
Nov 17 '11 #7
Chuiy
4
Sicarie, when you say shops--is that a form of school or is it a workplace? And thanks Ephexeve, I am getting into Python at the moment--hoping to get better at programming so I can jump into a more advanced language. Last time I dove head first into C and crashed.
Nov 17 '11 #8
You should study at least the following programming languages: C/C++, x86 assembly, Python, Ruby, HTML, JavaScript, PHP.
Nov 15 '12 #9
sicarie
4,677 Expert Mod 4TB
When I say 'shops' I mean both - a 'shop' or a place where you practice and better your skills, will teach you how to approach a given situation.

I would agree with trietptm, pick a language and learn as much as you can about programming and security - algorithm design, buffer overflows, SQL injection, etc...

Personally, I'd suggest Ruby to start with as it's the basis for Metasploit, but any of those would do.
Nov 16 '12 #10
