
I want to apply for a job as a penetration tester in a good company. I have a fairly good knowledge of programming and have experience as a back-end developer.

I started to work with Burp Suite, ZAP, Metasploitable2, Juice Shop, and I've started to do some stuff locally. I want to gain more experience and do some challenging stuff but don't know what to do.

It was suggested that I should learn Rust & Go and develop security applications.

I don't know how to start off and get my hands dirty on developing security applications to gain enough experience to apply for that job. (I'm planning to complete it within a month.)

Any advice?

Xander
  • This is basically opinion-based and will get closed. Your journey is your own, but it will involve reading and playing CTFs; that's all I can see. – yeah_well Aug 31 '19 at 11:04
  • You know penetration testing is a mile wide? https://www.google.com/?query=inurl:%20%22hands%20on%20penetration%20testing%20training%22 – tungsten Aug 31 '19 at 11:07
  • There is not just one solution; there are many, each with a different view on it. You have to pick some out and follow the standard primary school techniques you've learned. – tungsten Aug 31 '19 at 11:17
  • That's why I'm asking here. I'm looking for the fastest way as I'd like to join that company ASAP. – chameleon123 Aug 31 '19 at 11:47
  • Tactics and techniques are the most important aspects of PT besides having knowledge about using the tools. "Who,. w ww", "From what point to start? ..I have already information about my target..". If you are going to be a functional penetration tester, you are always going to prepare and define every task, no matter if it is technical or administrative (by which I mean employees that may be vulnerable to social engineering, or the business building further on a nonsense policy). It can have issues, outdated software and more. You'll have to find it using specific tools for specific tasks. – tungsten Aug 31 '19 at 13:20
  • There is no possible way for you to rush this process in any way. – tungsten Aug 31 '19 at 13:34

1 Answer

You don't need to be a pentester to develop a security tool. Having a nice security tool on your resume is a big bonus from a job-searching perspective, but your skills and knowledge also matter a lot. You can train up by reading security write-ups and playing CTFs. To get a glimpse into the pentesting methodology you could look at IppSec videos from HTB.

Programming languages:

For exploit development it's mostly: Python, JavaScript, Perl.

For security tools creation it's mostly anything that you feel comfortable with. Do keep in mind that there are a bunch of benefits to using Go, because it's very easy to deploy on any platform, but it's definitely not a must; there are loads of security tools written in Python, Java, Perl.

  • Thanks for the answer. For security tools creation, can you give me some hints on what to start from? I have a bit of experience in developing with Go. – chameleon123 Aug 31 '19 at 19:01
  • It goes the same for every programming project. You need to find something that you want to get automated for pentesting. Some of the perspectives are, but are not limited to, enumeration, gathering OSINT, C2 framework. – Raimonds Liepiņš Aug 31 '19 at 19:54