Security Basics mailing list archives

RE: Building a career in vulnerability detection/assessment, penetrating testing and forensics


From: "Holger Reichert" <holger.reichert () holysword de>
Date: Tue, 3 May 2011 19:52:29 +0200

Hi Madhur,

Regarding jobs, you might have a look at job opportunities of the big consultancy and accountant companies like Price Waterhouse Coopers, KPMG ....
They also offer penetration testing services, e.g. to the financial industry.
You might also ask the financial institutes themselves, as they need penetration testing due to regulatory requirements.

Kind regards
Holger Reichert
Information Security Expert
Managing Director
iRiskProtect BV
The Netherlands

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Madhur Ahuja
Sent: Tuesday, 3 May 2011 17:58
To: psiinon
Cc: security-basics () securityfocus com
Subject: Re: Building a career in vulnerability detection/assessment, penetrating testing and forensics

Hi Psiinon

Thanks for the valuable inputs. I would appreciate it if you could also
point me in some broader direction. Like how about going for a job in
this area, any certifications I can do, and what are prospective
employers in the US for this kind of interest :).

Thanks,
Madhur

On Tue, May 3, 2011 at 9:24 PM, psiinon <psiinon () gmail com> wrote:
Hi Madhur,

If you want to perform any penetration testing on web applications
then you'll need to use an intercepting proxy.
There are some excellent ones like WebScarab and Burp.
However I'd recommend that you start with the OWASP Zed Attack Proxy:
http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project as it's
designed to be a bit friendlier to people new to pen testing.
But I am biased as I'm the project lead ;)

Then the best thing to do is get your hands dirty trying to break
vulnerable web apps.
There's a good list of those here:
http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/

Psiinon

On Tue, May 3, 2011 at 1:41 PM, Madhur Ahuja <ahuja.madhur () gmail com> wrote:
Hi All - I am interested in building a career around security
especially vulnerability detection/assessment, penetrating testing and
forensics.

I have 5 years of work experience in development and consulting in
the Microsoft technology stack and plan to pursue education in Information
Security.

Any advice on how to progress in this field will be highly
appreciated. Any tips regarding certifications, tools and procedures
which I can start learning along with my course?

Thanks,
Madhur
