Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: career advice
From: psiinon <psiinon () gmail com>
Date: Thu, 24 Nov 2011 09:37:33 +0000

As an aside, if any pentesters want to get their hands dirty with a
bit of coding, then a really good option is to enhance open source
security software.

I'm the project lead for the OWASP Zed Attack Proxy
(http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) and we
welcome all contributions ;)

If you want to learn or improve your java skills then we've got plenty
of things you could help with, and will do our best to support you if
you want to contribute.
So if you fancy doing something like implementing a new vulnerability
check, or enhancing an existing one then please get in touch with me.

Many thanks,

Psiinon

On Wed, Nov 23, 2011 at 6:13 PM, Dr. Lizzz <dr.lizzz () gmail com> wrote:

On Wed, Nov 23, 2011 at 6:17 AM, Enis Sahin <enis.c.sahin () gmail com> wrote:
There are great replies posted but I just wanted to share my thoughts
about programming skills and hacking/pentesting in short.

Being able to read code and understand it is essential just like
everybody said. Being able to write code is a little different in my
opinion. I was getting things done without writing my own code and
tools/scripts developed by others was satisfying my needs for some
time. It's only after I had some years of experience I had a better
attacker mind set and wanted/needed to utilize more elaborate
strategies, then the free tools started falling short of satisfying my
needs.

I find it analogous to playing a musical instrument. When your
understanding and ideas of music exceeds a certain threshold you stop
playing cover songs and start innovating :)

Enis

People who can read code can write code.  Maybe not fast, maybe
not optimally, but reading and understanding code implies that you
know all the syntax and semantics you will encounter.  If you don't
know what you don't know, you don't know what you do know. It
strikes me that if people really understood what they were writing
half the time, the net would be a much safer place.

I'd suggest the original poster stick with network security, or
see what interviewing turns up. No sense in learning something
that you won't need unless you feel driven in that direction.

lizzz

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault