Re: Programming SKills for PT...?

On Mon, 2009-05-04 at 21:02 +0530, Swaminathan, Balaji wrote:
1. What are the programming/scripting languages needed to accompolish
the above?

This is a bit of a moving target, depending largely on what you are
trying to attack. This is why people work in teams. A simple case of
trying to attack a Web based application: You have browser scripting
(javascript), server scripting (PHP, .net, etc.), A database is probably
involved (SQL). That is before you even get to attacking the underlying
services (Apache, MySQL, etc.) or the OS. I would start by specializing.
Learn one technology/language really well and then move on. Don't try to
do everything at once.

2. I see most of the real hackers are well proficient in almost all of
the the technologies like Networking, Application/WebApplcn testing, OS
etc. Is it so...?

Not necessarily. They are really good problem solvers -- they do what it
takes to solve the problem and aren't afraid to fail 1000 times before
they get it right once. Again, learn one thing well first. Find people
who need your skills, work with them, learn from them. But you have to
make yourself valuable to them. Crawl before you walk, walk before you
run. The worst thing, whether you wear a white or a black hat, is
arrogance. Mentally, breaking and securing systems is really hard work
and frustrating.

--
JoePete


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Relevant Pages

  • Re: Programming SKills for PT...?
    ... trying to attack a Web based application: You have browser scripting ... Learn one technology/language really well and then move on. ... They are really good problem solvers -- they do what it ...
    (Security-Basics)
  • Re: Assessing the security awareness of web users at a national level
    ... IRC, facebook, myspace, etc) or the different attack vectors (e.g. virus ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • RE: Programming SKills for PT...?
    ... trying to attack a Web based application: ... Instructor-Led and Online formats is the most concentrated exam prep ... Comprehensive course materials and an expert instructor means ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Leased Lines
    ... Depending on the physical plant in your immediate vicinity, the attack ... the DSL circuit was installed in a unlocked ... I'm looking for any information related to the security of leased ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Assessing the security awareness of web users at a national level
    ... awareness level of my fellow citizens concerning social engineering attacks ... will record whether the users clicked on the download button/malicious link ... IRC, facebook, myspace, etc) or the different attack vectors (e.g. virus ... Information Assurance Certification Review Board ...
    (Pen-Test)
Quantcast