How can I start pentesting?

How do you become a penetration tester?

In a penetration test (often called a pentest), penetration testers, also called ethical hackers, test the security of an IT system. It can be, for. B. be a computer network, a website or a smartphone app. The aim is to identify weak points in the system at an early stage so that it can then be protected against attackers.

Why "Ethical"?

The term “hacking” is commonly associated with crime, and many people wonder what the difference is. The The aim of the Ethical Hacker is to help companies improve their systems. Ethical Hackers never attempt to compromise a system without the express permission of the owner. So you work within laws and ethics.

Where do you learn that?

Hacking a company without their permission is fundamentally illegal. So how do you learn without a crash with the police?

Ideally, the answer to this question would be very clear: "You can study it at the university". Unfortunately, the answer here in Germany is not that simple because of it there are hardly any courses with a focus on information security. There are of course the classic computer science courses that offer a good basis, but those who mainly want to deal with information security often have to study far away from their home.

All right. And what exactly do you learn there?

In such a degree, you gain practical experience in various areas of information security. Of course, no course offers exactly the same, so here is a brief overview of what my course contained at the time:

Computer & Cyber ​​Crime Professional (CCCP)

Bruges, the Venice of the North, with its beautiful architecture, the place par excellence to experience the Middle Ages. You may have been there before. What most people don't know is that right next to this magical city students are trained to become ethical hackers. Five minutes from Bruges Central Station you will find the “Hogeschool West-Vlaanderen” and its “Computer & Cyber ​​Crime Professional” course, unique in Flanders.

Program

Just like with the classic computer science courses, is Programming is an important part of studying. Students learn how to program efficiently in different languages ​​(in my case C, C #, Java and Python, but like everything in the IT industry, this is constantly changing). While programming, you learn to develop an analytical eye in order to find a solution afterwards with the right design patterns.

Windows and Linux servers

As a penetration tester, you come into contact with Windows and Linux environments the most. It is because of that It is important that you are familiar with these environments in order to be able to carry out targeted attacks. Here you learn everything from user management in Windows Active Directory to installation and configuration of Snort, an intrusion detection system, on Linux systems.

law

As a penetration tester you work in the gray area of ​​the law, why Good knowledge of the law is essential are. If you don't think about it, you can travel illegally very quickly.

Web application testing

For some years now, developers have been preferring web applications rather than stand-alone applications that are tied to the operating system. This switch to the web naturally also brings with it various security problems, especially if the application is made available on the Internet. During their studies, students get to know "OWASP WebGoat" a web application that is intentionally insecure. This shows what weak points there are in web applications and how they can be exploited.

Cryptography

Cryptography, which is the science of encrypting information, is one of the most important issues in security. For ages, people have tried to hide communication from unauthorized eyes. This is no different in computer science. Of course, you also don't want your banking information to end up in the hands of hackers. In this subject, students receive basic knowledge of modern encryption methods.

Pentesting

In order to practice penetration testing, the university has provided a laboratory environment. In this laboratory environment there are vulnerable systems that the students try to hack. The subject works in the form of a game: for every hacked system, students can receive points that they receive by entering so-called “flags” (specific text) on a game platform. So the students compete with each other to hack as many systems as possible. As a module completion task create a detailed penetration test report that lists and explains all vulnerabilities found.

Certified Ethical Hacker

At the end of their studies, students have the chance to receive the "Certified Ethical Hacker" certificate from the EC Council, an information security certificate, which among other things recognized by the American Department of Defense becomes.

The future

Information security is an area that is experiencing a lot of growth right now. Compared to traditional computer science courses, there are very few institutions that offer information security as a full-time course. But the topic is slowly establishing itself. For the past couple of years have been founded some new courses in the field of information security in Germany and I hope the number will increase exponentially over the next few years.

 

Your future

Pentester wanted! Get information now and apply now.