In this post, we cover some brutal tips to become a successful pentester!
First, get your basics right!
Are you already a great system administrator who understands the nuances of many operating systems, or a professional developer who has a deep background in one or more languages? If so, this is a huge advantage.
If your answer to the above question is no, then learn to program. C / C++ is wonderful to begin with. Otherwise PHP, Python, Ruby, whatever! Just learn to code. Know the data structures and algorithms a developer uses so that you can break them. You must have a strong understanding of how applications work and how they interact with one another (e.g., the OS, services, other applications).
Get to know the basics of networks by setting up and running your own home network. That way, you'll gain an understanding of how network administrators view the world.
Get to know operating system nuances by building your own home servers so that you better understand how system administrators view things.
Read up on security engineering: the concepts in the CISSP domains. Security is harder and more dynamic than other IT areas because you not only have to learn and understand multiple domains (i.e., programming, networking, administration, architecture) and adopt their perspectives, but you also have to figure out how to break them, using knowledge often drawn from multiple domains.
There are so many options that you could spend all of your time just reading security books. But don't make that mistake. Start with the fundamentals. Once you have the base knowledge, security topics become dramatically easier to comprehend.
Source: Dark Reading