Interested in starting a career in Penetration Testing? Here are some tips!

We posted a piece titled: “A day in the life of a penetration tester (ethical hacker). What’s it like?” a while back which covered the ‘fun’ and ‘boring’ bits of the job.

Our summary and conclusion was that, all in all, being a Penetration Tester/ Ethical Hacker is an excellent, well-paid and, importantly, in-demand career and profession! If you are interested in a career in information security then go for it – especially if you are just starting your professional life. If you already work in IT then rotating into the InfoSec space is likely very achievable. In fact, the majority of our students are ‘mature’ in the sense that they have been working for at least 10/ 15 years in IT.

This post lists a bunch of resources that you might find helpful if you are thinking of becoming a penetration tester. We are not going to waste time defining what a pentester is, let’s take that for a given and keep it moving! Rather than bombard you with tons of resources, we have stripped down our list so that it’s concise and to the point!

First on our list is a superb book: “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws.” This is an excellent resource because, as anyone working within IT will know, especially those in information security, Web Applications are one of the easiest ways for a hacker to gain access to a corporation’s or organization’s data and network. Understanding how to secure Web Applications is vital. Period. You need to learn that.

The book, which is highly recommended, outlines step-by-step techniques and methods for attacking a wide array of Web Applications, and thereby teaches you how to defend them. One particularly good point about the book is that it describes, in an easy to understand fashion, how new hacking methods are used, with particular reference to the client side (rather than the server side).

We’d recommend this book because it also discusses HTML5 Hacking (something which we have covered at length in previous Hacker Hotshot web shows) and other attacks like XSS/ CSRF, framebusting, HTTP header and parameter pollution, hybrid file attacks, and much more. The latest edition of the book comes with access to a web site that works in conjunction with the book – almost like a ‘now-try-it-for-real’ approach.

Second on our list is Metasploit. We recently published a piece, aimed at beginners, titled “Metasploit for beginners”, so if you are completely new to the framework then hit the above link. In summary, if you are keen to get started with a career in information security then you really have to understand Metasploit. Metasploit is a penetration tester’s friend. Learn it!

Third is Nmap! We’d be doing ourselves an injustice if we didn’t toot our own horn and say that we specialize in Nmap, offering a popular online course titled “Learn How Penetration Testers Use Nmap To Exploit Their Victims Computer”. Nmap and port scanning are a vital part of an ethical hacker’s job. Understanding Nmap and using it to scan both large and small networks will make your life easier. Furthermore, Nmap will also help you determine attack surfaces and network vulnerabilities, both of which are critical to auditing an organization’s security posture: i.e. what being a pentester is all about.

Nmap also works well with Metasploit (see number 2 on our list) in that you can integrate the two tools by running Nmap from within the Metasploit Framework. Analyzing a network with Nmap and being able to correlate scan results with vulnerable targets are clearly going to help you when you enter the pentesting trenches.

Fourth is… get hacking! Hacking web sites, servers and applications that have been purposely left, for research, in an unpatched and vulnerable state is an excellent way to learn. There are several online versions but we are not familiar with them (if anyone reading this can suggest one please add it in the comments below – thanks) – instead we are going to focus on the downloadable Linux Distros and VM versions that are designed to be hacked for educational purposes. Take a look at Metasploitable, Kioptrix and pWnOS (which is a Virtual Hacking Lab). There was another classic called Damn Vulnerable Linux but we think that has gone to the Linux Pentesting Distro Heaven.

Fifth: choose a Linux Distro. Last on our recommended tips or resources to start a career within the Information Security business is to learn how to use a Pentesting Linux Distro. This tip is really an extension of point number 4 above, but the point is that a ‘Hacking Distro’ or ‘Penetration Testing Distribution’ contains all the tools and programs you will ever need. Once you feel comfortable with a distro then you are good to go! We have a concise list here and a poll here. Our latest statistics showed that Kali Linux is the most popular distro (hardly surprising owing to the popularity of BackTrack) with an Ubuntu derivative called BackBox (our favourite) in close second place.

By no means a complete or concise list, these five ideas are really a simple summary of some key skills, tools and knowledge you’d be silly not to master if you want to become a Penetration Tester, which, by the way, is a massively in-demand profession. The demand for talented and experienced Penetration Testers is high whilst the availability is actually low. If you are motivated enough, curious enough and determined enough, you can earn a great salary and have a promising career.

It’s worth mentioning that learning a language like Python is also very important, but we have a hunch that if you’re reading this you probably know some scripting – right?

Finally, this post would not be complete without giving some love to Eli The Computer Guy, who makes excellent videos on YouTube, and also our final resource and tip: SecurityTube!

Let us know in the comments below if you have any additional resource or advice that you’d like to share!