|
Penetration Testing
mailing list archives
Re: Programming skills for Pen Testers
From: thomas springer <tuevsec () gmx net>
Date: Fri, 10 Feb 2006 17:30:11 +0100
johnny Mnemonic wrote:
ok we all know that in addition to good network, host and application
security skills, programming in C is a pre-requisite for a decent pen
tester or at least one who wants to write their own security tools or
simply audit the open source code they use. My question is, despite
their similarities should a pen tester be concentrating on C or C++ ?
That's it!
Time is money - your customers money. Most of my pentest-programming is
quick and dirty and has to be highly adoptable - therefore it is usually
done in high-level-languages like perl, python, vbscript, even nessus'
nasl-language using external tools (hping etc) where applicable.
i won't even think of doing object-oriented c++-programming for a pentest.
things get different if you think of creating a "big" product like
nessus or iss-scanner - but if you code stuff like this you are probably
more a coder than a pentester... :)
tom
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- RE: Programming skills for Pen Testers, (continued)
|
Intro
