Jump to content

Hi! I see myself as a penetration tester. But I don't know where to start.


Recommended Posts

Posted

I am a system administrator with programming skills. 
My experience includes raising and administering vps | vds, fixing bugs in web projects, providing security from DDoS and other threats, as well as setting up VPNs and proxies for anonymity. 
I am proficient in PHP, JavaScript, Python, write telegram bots, one-pages, marketplaces, scripts, any other websites and effective scripts for Windows and Linux.
I want to change the sphere of work, can you tell me where to start and where to move?

Posted

The title of the thread is rather confusing. You see yourself as a pentester, but don't know where to start. That doesn't make sense to me. If you see yourself as a pentester, you should know where to start, otherwise you can't see yourself as a pentester... Anything else is just wishful thinking.

The most obvious area to start is where your knowledge base is. Continue building on the knowledge that you already have and start applying the "security layer" to it all. From what you describe, it seems as if it's mainly related to software development (ish...)

Posted

The translator fell short a bit. I wanted to say, 'In the future, I see myself in the field of penetration testing.' Naturally, I don't know where to start; in my environment, I'm the only one who understands the difference between Docker and a dedicated server. Yes, thank you for the advice.

Posted

I understand, language can be a barrier sometimes.

You have to decide what area you want to operate in and specialize in that area of expertise. If you want to be able to "embrace" an as large customer base as possible, then select something common (web, Windows based environments, etc.). Next step is getting very good at those kind of "targets". Most of the time, you won't become a pentester (or equivalent) straight away. You need to build knowledge about the basic (and advanced) stuff before moving on to pure pentesting. There are of course other ways of reaching the goal, but I meet people (both online and "eye-to-eye") that might be good "script kiddies" but they have less or no clue about how things actually work and that is most often not a good combo if you want to get really good at things and do a good job. Since it's rather difficult to recruit people with proper knowledge, I try to use the tactics of promoting good tech and admin employees in my organization and add the security layer to their competence spectra, and they most often turn out to be really good cybersec resources. Then you of course need to add personal abilities to the mix, such as being eager to know things and never give up, and also prepare to put a lot of time into it.

  • Like 1
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...