'Re: Penetration tester skill set,'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: Penetration tester skill set,
From:       "Alice Bryson <abryson () bytefocus ! com>" <abryson () bytefocus ! com>
Date:       2006-07-27 14:43:45
Message-ID: 21ae1b060607270743i7fa11a6ar78820f1e3cfbaab2 () mail ! gmail ! com
[Download RAW message or body]

pen test need some innovation.
Both pen test and invent are creative.
Invent is focus on construct creatively, while pen test is focus on
destroy creatively.

2006/7/22, IRM <irm@iinet.net.au>:
> All,
>
> I am new to the list and also to the security. I hope this is the right
> forum to ask a question since it is called "security-basic" forum. I
> came across to the archive on this forum and found an interesting post
> called "Death of the security community"
> (http://www.securityfocus.com/archive/105/428207/30/1590/threaded)
>
> Straight to the point, I would like to know; what is the 'typical' skill
> set that a penetration tester should have. The reason why I asked this
> question is because part of penetration testing is a vulnerability
> assessment. On most of the penetration testing report it's required you
> to insert the "proof of concept" section on how to get in to the
> specific condition maybe in this case an administrator/root privilege.
>
> Running tools like Rainbow Crack or Nessus does not required a lot of
> skill. In fact it is something that everyone can do! This is definitely
> does not bring any values to the customer. At the same time, I need to
> be a realistic too that finding a bug and writing the exploit as a proof
> of concept are required a lot of effort. For some reason I can see a
> dilemma in here.
>
> So back to my question; what is the typical skill set that a penetration
> tester should have?
>
> Can anyone in here give me some light about this?
>
> J
>
>
>
>
>
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>


-- 
Have a Good Day

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic