Becoming Pen Tester...

smiahsmiah Member Posts: 25 ■□□□□□□□□□
hi all,

I have been working as Information Security Officer for number of years and now thinking of doing a pen test certification.
Can anyone please reccommend me any good Pen Test Certification which has good value in the market and good for job search?

I will be quite new to the pen test environment.



  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,900 Admin
    What type of pen testing? Purely network pen testing, or are you looking into physical or (Web) application pen testing as well? We have quite a few discussion threads that detail them all.
  • smiahsmiah Member Posts: 25 ■□□□□□□□□□
    I'm looking for Networking and Physical.
  • slinuxuzerslinuxuzer Member Posts: 665 ■■■■□□□□□□
    CEH might be a good start for you, CBT nuggets should be releasing their new CEH videos soon, also I'd recommend a lab with backtrack, metaspolitable and some other live bootable CD's that are made to be vulnerable. There is plenty of info on this site about setting up a lab using vmware workstation. The good news is you likely already have a good grip on the compliance side of things, since you are already in a security related role, I'd push your employer to send you to a CEH course, it should be a reasonable sell. If you can get this look at global knowledge, I've used them in the past and their good.

    Also, take a look at the hacking exposed books, they are a good source for clear cut examples of attacks, Also remember when your testing out an attack, spend extra time to make sure your target is vulnerable to said attack, and if it doesn't work the first time, try try try TRY again, alot of attacks need to be tweaked and don't always work as advertised. When trying to learn this stuff you will do your self a big favor by taking a methodical approach to learning. Start with something like info gathering and devote massive amounts of time to it, make notes on all resources you use, what information is gleaned from each, anything that is relevant, keep them very well organized from the start, once you get a really good grip on this move on to, say system scanning, and repeat. At the end what you'll end up with is a set of real skills, and a collection of notes on what works and doesn't work.

    I've spent tons of time trying to learn different parts of Info sec and pentesting in a haphazard kind of way, and in the end I look back and wish I had done what I am recomending to you.
Sign In or Register to comment.