K1u Posted December 3, 2007
I am going to start offering Web Site Security Auditing as one of my services in my business. Any good books on Pen Testing you guys suggest? This seems good? http://www.amazon.com/Professional-Pen-Tes...TF8&s=books

moonlit Posted December 3, 2007
Reading a book doesn't make you a security guy. Sure, you need to start somewhere, but you need to research like hell (constantly) and constantly evolve. Practice is essential.

metatron Posted December 3, 2007
Yeah, reading a book means fuck all other than the fact you read a book and you maybe retained 60% of the information. Even if you did a course on it I would say it means very little. You need experience; all the good pen testers have learned from years of breaking the law. The only thing I can recommend is building a lab, seeing what you can do and reading everything you can about technology and working out how the way a person may have implemented something would affect the security of any given product and how you compromise it. If you just want to be like 95% of the pen testers, which are little more than script kiddies for hire, get Nessus, Nikto, nmap and Core Impact and you're good to go.

K1u Posted December 4, 2007
> Reading a book doesn't make you a security guy. Sure, you need to start somewhere, but you need to research like hell (constantly) and constantly evolve. Practice is essential.
So true, most of the stuff I know I have learned from experience, but some things you do need to read for, like a programming lang for instance.
> The only thing I can recommend is building a lab, seeing what you can do and reading everything you can about technology and working out how the way a person may have implemented something would affect the security of any given product and how you compromise it. If you just want to be like 95% of the pen testers, which are little more than script kiddies for hire, get Nessus, Nikto, nmap and Core Impact and you're good to go.
Remember this is for web security, so I might just run a PHP + MySQL server on DVL on a box on my network and just upload vulnerable code and try to exploit it, then fix it. Now time to watch the final episode of The IT Crowd, w00t, can't wait!