
I study computer science and I have been trying to get into information security, web application penetration testing in specific.

I have a not-bad knowledge of programming, networking and operating systems. I have been through a few of the recommended materials for beginners: books and vulnerable-by-design applications mentioned in answers to similar questions, like The Web Application Hacker's Handbook and most of the available vulnerable-by-design apps like DVWA, Mutillidae, WebGoat and bWAPP. I also did many online web app security challenges, so I have a very decent understanding of how web applications work, how major vulnerability types work and how they manifest in the wild. However, when I try to apply this knowledge to a real-life application like a bug bounty program, I get overwhelmed by the complexity of modern-day applications and find it difficult to interpret the data I collect to get a real understanding of what I'm facing in order to conduct an effective penetration test. Somehow there's a gap between all the information in books, the sitting-duck-like vulnerabilities in vulnerable-by-design apps, and real-life complex applications, especially when looking for vulnerabilities that have a big effect on the organization being tested instead of looking for missing headers or uninteresting low-impact vulns.

Is this confusion because I lack the background required to conduct such complex tasks effectively, like an ex-developer or sysadmin with more knowledge of how things go on the other side? Is this background something that I should acquire first through a couple of years of experience before making the move into infosec, or should I keep at it the way I'm doing until it clicks?

hmoho
    Possible duplicate of [How to learn penetration testing at home?](https://security.stackexchange.com/questions/11444/how-to-learn-penetration-testing-at-home) – Tobi Nary Aug 12 '17 at 09:59
  • I did an edit to bring out the differences between the two. I'm asking this question after following through most of the advice and information provided to start learning, so I think answering this will be very beneficial for me and for future learners looking to move from learning to doing. @SmokeDispenser – hmoho Aug 12 '17 at 10:19
  • As stated in other questions answers, penetration testing positions are usually held by people with 5+ years in infosec, having gathered a vast experience with for example incident handling and forensics in real life scenarios. Thus, a sense for the common places to look closely can develop that helps in pentesting. – Tobi Nary Aug 12 '17 at 10:28
  • Do you think that it would be best to acquire similar experience by spending some time working and gaining experience as a developer or a sysadmin, or to aim directly for the infosec knowledge and training? For someone in their graduation year there are a lot of possible directions. – hmoho Aug 12 '17 at 10:34
  • That is a highly opinion-based follow-up question. There are positions available in infosec that allow you to gather the experience, probably better than as a developer or sysadmin. While my CV does indeed start with such jobs, as probably with a lot of infosec professionals, it's highly dependent on the specific job. You might not gain any infosec skills, or you might. – Tobi Nary Aug 12 '17 at 10:39
  • Could you give me an example of such positions as a pointer? – hmoho Aug 12 '17 at 10:46
  • Here's a [German trainee program for pentesting](https://www.redteam-pentesting.de/de/jobs/pentestertrainee/-trainee-zum-penetrationstester-m-w), but such things are probably available in other locations, too. – Tobi Nary Aug 12 '17 at 10:50

1 Answer

Sounds like it is time to write your own tools. The gap between insecure-by-design and real-world hacking lies in automating how you perform your manual attacks. gl.

  • Is there any activity that I should be focusing on to help me get used to the complexity of real-world applications (i.e. apps that are a mashup of multiple resources, or apps with huge amounts of content with CDNs and massive APIs)? Being faced with a list of 30 subdomains and some APIs or third-party components that are unknown to me is a completely different animal. Any advice is deeply appreciated. P.S.: not allowed to upvote yet :D – hmoho Aug 13 '17 at 17:29
  • The best resources you can get will be YouTube hacking videos and books. There are some great ones in the entire Hacking Exposed! series, and No Starch Press also has cool hacking stuff. It is also probably a good idea to go for one of the security certificates. CEH and CHFI are what I studied. Hope it helps :D – JuliaTheMad Aug 14 '17 at 20:48