To excel at penetration testing, you need to have your lab for practise/research. I would suggest one to use virtual machines which are free in the market. I would go with VMware Workstation rather than Virtual box, it’s just my personal option. You can choose any one.
1. VMware Workstation
Click here to download VMware Workstation
2. Kali Linux iso
Click here to download Kali Linux Iso
Click here to download bee-box
I just wanted to give you an overview how one can be a Penetration Tester. I’m not gonna talk about career opportunities here since I do believe that a security enthusiast will always be passionate about information security, having a sense of how networks works and systems works. So, this article will shed some light for Quality Assurance, Test Automation engineers, enthusiasts who have a dream to start their journey to becoming a Penetration Tester.
Penetration Testing is a practice of testing a system, network, or Web application to find out the vulnerabilities where an attacker could exploit or sift through a loop hole in the system. Most of the organizations hire penetration testers to be a part their internal security teams, where they can test products or systems for exploitable security flaws and assure security.
Often people ask me how to start with. I know, this is the hardest of all as it is quite tricky to find the source to kick off from the basics. Although there exists tons of books and other sources which will teach you how to perform penetration testing, web application testing. I will start with few cornerstones and essential skills required. I know it would be bit uncertain when you start reading but to set realistic expectations of what one would expect from a security analyst to my solitary view. Don’t be discouraged if you don’t have all the essential skills which I’ve listed here but rather pop the hood by learning them. Continue reading
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives basic information about SQL injections, but still I hope it’s informative which might helps you. SQL injection is a basic technique where hacker might use to take over unauthorized access of the database or maybe to enumerate the data from the database. People might think, it’s an issue with the database configuration. Yea you’re partly right.
Security Testing should be done in a standardized process. I would say, this should be done with meticulous care because you will not do this for every sprint/build release. It cannot be tacked on to an application at the last minute. A proper security framework should include continuous security training for all developers, threat models for the entire system, regular code reviews and planned penetration testing. There are few methodologies which you can adopt to perform pen-testing.