Penetration Testing mailing list archives
RE: Programming skills for Pen Testers
From: "Boogiebruva" <boogiebruva () yahoo co uk>
Date: Sat, 18 Feb 2006 23:57:42 +0100
One of the hardest things about pen-testing, VAs, etc, IMO, is that many of us work alone, or freelance if you will. And security covers such a large field that we have to, supposedly, know everything about networks and OSes and every programming language and webapp, etc etc etc. It really seems more than one person can take, at times, just to keep up to date on the latest developments in every field that 'security' covers.

Nevertheless, I've found that by learning languages such as shell scripting, perl, and javascript (I'm still working away at C, with plans to move on to C++ and JAVA once I can get my head around OOP!), I can understand more about buffer overflows, assembly, etc.

At times I feel like I'm not up to the job - in other words, that I don't know as much as I feel I could. But I learn more every day, I know what I can and can't do, and, given the general state of 'info security', have never really found it hard to, at least, harden a company's network.

Don't forget that the majority of 'attacks' come from people who know next to nothing about computers or computing. Keeping them at bay doesn't involve knowledge of 15 programming languages. And keeping the serious guys at bay is not a one-man job, anyway. In other words, learning at least C and perl can only benefit you.

-----Original Message-----
From: 7978488 [mailto:javier.augusto () gmx net]
Sent: Sunday, 12 February 2006 21:49
To: pen-test () securityfocus com
Subject: RES: Programming skills for Pen Testers

+1 !!! Totally agree with you. You got to know how to code or at least how to read code. Of course, we're talking about serious pen-testing, aren't we?

I think having some basic programming skills is a must when doing pen-testing and other security work (e.g. looking at virus code, finding systems changes, etc.). Over the years I have learned how to debug code, decompile code, and even write my own tools, because some of the open source did not meet my requirements. I subscribe to developer magazine and forums to learn. I even pay to have private one-on-one classes with some of my commercial security tools developer friends to learn more.

In this fast-paced security environment it pays to keep ahead of the Joneses... (and yes I have a life outside of work ;)

WORD UP YO!

Regards,
Jay