Penetration Testing – “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.” (From Wikipedia)
This article aims to help you get your first job as a penetration tester. If you have more great links or recommendations, please add them in the comments section. Becoming a good penetration tester requires many more skills than are described here. It also means that you never stop learning.
If you don’t know the IT and IT security basics yet, please have a look here. When you want to start a career in Penetration Testing, you should know that most of the penetration tests performed today are Web Application tests. Therefore this article focuses on this topic. Later I will add new posts with Specialization Paths for more advanced topics like exploitation, red teaming and so on.
As already mentioned in the article Career Path Security Basics, I strongly suggest that you plan which goal you want to reach. For example, playing CTF all the time might be fun for some people, but if you need the OSCP, it might not be helpful to waste too much time on it.
Web App Penetration Testing
Port Swigger: Web Security Academy
Content: Teaches the basics of Web Application Security; so far it covers SQL injection, XSS, OS command injection and file path traversal. Comes with small labs.
Career: Penetration Tester, but I also recommend it for everyone interested in security
Level: Beginner
Price: Free
Recommended Link about Web App Hacking:
General
- Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/
- https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_overview.htm
- https://www.cybrary.it/course/advanced-penetration-testing/ by Georgia Weidman
OSCP
If you want to start a career in Penetration Testing, you might consider getting the OSCP certification. Keep in mind that the OSCP is extremely time-consuming and that it is not a must-have, but it is definitely a door opener. Therefore I recommend doing the OSCP certification. Here is an article about pros & cons of certifications.
Hands-On
Here are some hands-on labs and learning resources. Some of them are online; others have to be installed and run by yourself.
- https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
- https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
- Over the Wire Wargames
- Hack The Box
- https://www.hacking-lab.com/
- Metasploitable 3
- https://www.root-me.org/?lang=en
Books
The Web Application Hacker's Handbook
Authors: Dafydd Stuttard, Marcus Pinto
Content: The standard book about hacking Web Applications; it goes into depth on the most important topics. The authors also created Burp Suite.
Career: Penetration Tester
Level: Good for beginners, but also useful for experienced penetration testers
Penetration Testing: A Hands-On Introduction to Hacking
Author: Georgia Weidman
Content: A great introduction to penetration testing.
Career: Penetration Tester
Level: Beginner
Metasploit: A Penetration Tester’s Guide
Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
Content: Introduction to Metasploit and penetration testing
Career: Penetration Tester
Level: Beginner, Intermediate
The Hacker Playbook 2
Author: Peter Kim
Content: Book about penetration testing, hands-on hacking, pivoting, evasion and so on.
Career: Penetration Tester
Level: All
Network Security Assessment
Author: Chris McNab
Content: Assessment of various network services.
Career: Penetration Tester
Level: All
German Book: Hacking mit Metasploit
Author: Michael Messner
Content: Great introduction to penetration testing and Metasploit.
Career: Penetration Tester
Level: Beginner/Intermediate
Links
- https://www.ncsc.gov.uk/guidance/penetration-testing
- http://catb.org/~esr/faqs/hacker-howto.html
- https://developer.mozilla.org/en-US/docs/Web/Security/Information_Security_Basics
- https://github.com/qazbnm456/awesome-web-security
- https://www.ethicalhacker.net/
- https://seclists.org/
- https://www.udemy.com/topic/penetration-testing/
- https://whoami.securitybreached.org/2019/06/03/guide-getting-started-in-bug-bounty-hunting/
Thanks @SparkyS04 for proofreading.