Penetration Testing Basics


  First, this is an introduction to the field of security assessments and penetration testing. Becoming really good at these tasks takes a lot of work. You should use this as a starting point. It is not a blueprint with a set of instructions for you to follow exactly on your way to an exciting career in information security. The most important thing you can do is to get your hands dirty and practice, practice, practice so you can keep growing your skills, knowledge, and experience.

 There are plenty of places to acquire software and systems to test against. The most important thing you should know before you get started is that a lot of the tools and techniques we are going to be talking about throughout this book can cause system outages and data loss or corruption. Once you start working with tools and programs that are designed to break things, you can cause breakage. As a result, it’s essential that you only work on systems that are yours to start with. Get yourself a lab and work there. Virtual machines and free software are your friends here.

 The moment that you start working with clients or employers performing penetration testing or security assessments — and this can’t be said enough times — make sure to get permission. Informed consent is your friend because inevitably you will cause some damage. Whether you intend to or not, you will run across a fragile system or a piece of software that misbehaves. Outages will occur, so it’s best to make sure everyone is on board with all of this. Let them know that you may cause outages and that is very, very rare instances you may cause data loss or corruption. It happens. Once you cause damage or downtime, the very last thing you want to do is to have the client or your employer come back to you and say you didn’t let them know it was possible. Get everything in writing.

 Once you have everything in writing and everyone knows what is possible, you can get started on all of the fun work, which is what you are about to do here. Keep in mind that in spite of what you see on TV and in the movies, breaking into systems isn’t nearly as simple, as a general rule, as a few taps of the keyboard. It’s tedious and can be a lot of hard work. Once you’ve popped your first box, though, it makes the time and effort worth it.

                                                                              Enjoy the ride!

Also, Subscribe to my youtube channel