Security tester .. how awesome is that?
Well im not a security tester yet.
So i want to share my experience and how i study as i go along with this road.
So let's get started!
After little googling i find out common suggestions for becoming a hacker
- Read security related books
- Learn how to code
- Learn how systems works
- Follow the path (try to master 1 field per time)
- Get certificated
- Find a mentor
- Practice, practice, practice
Well that's sounds easy ... or does it?
1. Read security related books
Thanks amazone for awesome selection of books
2. Learn how to code
Question is not "learn how to code". Question should be: how to learn (the right way).
If you ask why "how to learn (the right way)"... well imagine situation that you use nessus/OpenVAS..etc scanner and you find buffer overflow vulnerability. Do you know what does it mean? Can you explain it? or do you know how to fix it? It is not about pointing out mistakes, you should be able to help the client (he is paying for that service).
I'm not sure how your brain works but for me reading the manual is not enough. I need to get hands dirty. I need to code they way i fully understand what i am doing, because if i don't understand it fully then i am not in charge.
I did choose PHP/MySQL and javascript for the first language.
And i try to come up with with small tutorials/challenges in here once a week. Hopefully it helps me to push myself further.
3. Learn how systems works
I have planned to set up servers and guests for that purpose.
Planning to use
Oracle VM VirtualBox and
GNS3.
Idea is to simulate real world networks + attacker
4. Follow the path (try to master 1 field per time)
It is a nice advice.
Since i work as software tester already i start with website hacking.
5. Get certificated
I have read the program of many security testing courses. And i just don't believe that you can become a pen-tester after 2-5day course and of course the price is overkill. I strongly believe that first i should understand what i'm doing and then get certificated not other way around.
6. Find a mentor
I wish i could find a mentor...well i almost did, in New Zealand they have awesome community that people can actually find a mentor for free (
http://www.in2security.org.nz/), but you need to live in there... so envy them. Well who knows maybe i get lucky and find a mentor.
7. Practice, practice, practice
This is hard one since it is illegal to hack systems without permission.
For brain teaser there are many websites out there what offer challenge.
To name few:
So for practice i start writing small application, so i could learn how to code, how to find the (XSS, SQL, ...etc) and how to fix them.
Note for the reader:
Dear stranger,
Everything in here is my opinion. I'm sorry if it hurt you somehow and i'm sorry for my bad grammar (English is not my first language). If you happened to notice mistakes on my posts then please let me know also .