this post was submitted on 26 Nov 2023
15 points (100.0% liked)
cybersecurity
3249 readers
1 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
IMO penetration testing is a skill that is built upon knowledge of the fundamentals in a pretty long list of topics. System admin using the command line only for Linux and Windows, network administration like switches, routers and firewalls, web applications, databases, and programming. Again, the fundamentals. No need to be an expert. Knowing command line is key because usually you won’t have GUI access to targets.
So what I tell folks is to look at where they have gaps and do some introduction courses on those topics.
For example if databases are a weak area learn the basics on some SQL and no-SQL databases. That will help lay a foundation for later learning database attacks like SQL Injection.
Same applies to many penetration testing concepts. One needs to understand the underlying fundamentals that support the attack to really get it.
Then it’s a matter of building skill in identifying weaknesses and matching those up with a technique that can exploit the weakness. That is a continuous learning process because tech never sits still. It’s perfect for the perpetual student type.