Penetration tester skill set,

All,

I am new to the list and also to the security. I hope this is the right
forum to ask a question since it is called "security-basic" forum. I
came across to the archive on this forum and found an interesting post
called "Death of the security community"
(http://www.securityfocus.com/archive/105/428207/30/1590/threaded)

Straight to the point, I would like to know; what is the 'typical' skill
set that a penetration tester should have. The reason why I asked this
question is because part of penetration testing is a vulnerability
assessment. On most of the penetration testing report it's required you
to insert the "proof of concept" section on how to get in to the
specific condition maybe in this case an administrator/root privilege.

Running tools like Rainbow Crack or Nessus does not required a lot of
skill. In fact it is something that everyone can do! This is definitely
does not bring any values to the customer. At the same time, I need to
be a realistic too that finding a bug and writing the exploit as a proof
of concept are required a lot of effort. For some reason I can see a
dilemma in here.

So back to my question; what is the typical skill set that a penetration
tester should have?

Can anyone in here give me some light about this?

J






---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • RE: Standards for penetration testing
    ... Computer Security Certification of Trusted Systems ... Subject: Standards for penetration testing ... All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
    (Pen-Test)
  • Re: Penetration tester skill set,
    ... I am new to the list and also to the security. ... forum to ask a question since it is called "security-basic" forum. ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ... Next,I would say some kind of background in network security,firewall configuration for everything from small to large LAN's,how IT works in general,plus have a lot of people skills. ...
    (Security-Basics)
  • RE: Penetration testing scope/outline
    ... person doesn't come right out and say they are new to Security, ... Subject: Penetration testing scope/outline ... methodology is modified to that particular type of test. ... of you who don't have the manual handy, that page says INCOMPLETE ...
    (Pen-Test)
  • Re: Pen-testing Internships?
    ... If you wish to address Rob Kraus' specific interests (internship offers etc) please email him directly to reduce list clutter. ... very good resource for learning and collaboration among IT Security ... Download FREE whitepaper on how a managed service can ... Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. ...
    (Pen-Test)
  • RE: Aspiring Pen-Tester Seeking Advice
    ... HACK I.T - Security trough penetration testing. ... is probably best for application- and OS-level attacks (where a good ... buy it or download a solution FREE today! ...
    (Pen-Test)