Need some guidance / suggestions. Have some questions here

Hey everyone

I have some questions and I am seeking some guidance / suggestions.

A little background information about me (the important stuff):

I have a degree in computer networking.
I have multiple certs, but the one that is most relevant to this post is my security+ one.

I currently work as a software tester. Lately I have been getting into testing the security of the software (gaining access to portions of the software I shouldn't have access to, password expiry, etc.).

I have taken a huge interest in becoming a pen tester, mainly black box. It's something that has always fascinated me but I was always afraid to pick up a book on it.

Questions

Is there anything I should know, any programming language, networking knowledge, security knowledge, that I need before I dive into an ethical hacking book? I guess my question is, are there any prerequisites to opening up an ethical hacking book and learning what it's all about?

What can I learn before I pick one up to make myself well rounded in the field of hacking?

That's all I have for now.

My posts are lengthy I know

TL;DR

Are there any prerequisites before picking up ethical hacking material(s) and learning how to be a pen tester?

Find more posts tagged with

Comments

JDMurray

There is nothing to prevent you from reading ethical hacking material regardless of your background. I would suggest looking at ethical hacking books and Web sites and discovering what you already know and what you don't. There are many different and diverse areas of ethical hacking (e.g., network pen testing, social engineering, Malware analysis); discover the areas that interest you the most and start filling in your knowledge from there.

lsud00d

Just jump in, we all float down here

Jasiono

I usually dive right into whatever it is I want to do.

Going off the post JDMurray wrote:

Is it like with networking, where you start with the fundamentals books and have them sort of open up knowledge as to what kind of pen testing / ethical hacking is out there, allowing me to migrate on to what I think is most interesting to me?

I went from networking thinking that it was strictly managing networks to having my mind opened to the other tracks I could go down (security, management and VOIP).

My choice was security

JDMurray

Jasiono wrote:

I currently work as a software tester. Lately I have been getting into testing the security of the software (gaining access to portions of the software I shouldn't have access to, password expiry, etc.).

I have taken a huge interest in becoming a pen tester, mainly black box. It's something that has always fascinated me but I was always afraid to pick up a book on it.

I think that you will find that much of network pen testing is unorthodox software quality assurance methods and procedures with much "out of the box" thinking.

Realize that pen testing is about exploiting flaws and misconfiguration in the design and implementation of software. It's good to know networking and how data flows across networks. However, at some point you will be staring at the open network port on a host and asking yourself, "Can I get in there? How do I get in there? What do I do once I am in there?" At that point you have entered the world of software testing, debugging, and development. Know how to code and debug software? That would help you understand what the software is doing and how to manipulate it into doing other things you want.

Jasiono

I don't know how to write code very well, but I can read it and see what is going on, for the most part, for simple programs.

The security type of testing I do to the in house program we have been developing for a while now is not coded by me at all, just tested. I know the database layout and what information gets pulled where, and with that knowledge it allows me to manipulate the URL in certain areas and enter areas of the program I am not supposed to be in. I have found some critical bugs in that sense and everyone is extremely pleased with it.

I was thinking about picking up a programming book, but I'm not even sure which language I should get.

From my understanding, told by my teacher in college, if you learn 1 language, you pretty much know how they all work, it's just all within the syntax of the commands. Not sure how true that is.

It was a Java course that I took and I had problems writing my own classes.

I was thinking about picking up C/C++

lsud00d

There are many different types of programming languages, just as there are spoken languages:

http://cs.lmu.edu/~ray/notes/pltypes/

Just as spoken languages have different words, structures, and rules, so do programming languages. However, once you learn one it does get easier to learn additional languages.

Java is object-oriented, as is powershell. Languages you should focus on for pentesting are python and ruby, initially.