
Previously on "Switching to security testing"


  • Mich the Tester
    replied
    Originally posted by Netraider
    I started off many years ago doing security testing. My original contracts were 5 - 10 days at a time where larger security companies had taken on too much work. Most of it was work from home as well.

    CEH is ok, but if you want to get into some hard core exploit building I would suggest doing a SANS Course. To get a good insight I would also suggest going to one of these events. Also, to get an idea of what is happening in the market try Infosec. It's free to attend if you register before the day. I normally attend all 3 days.

    From reading your posts I feel that you could also be quite good at the forensics side of security testing.

    Hope that helps.
    Thx,

    Good information here. Yes, forensic work looks interesting; I learnt about forensic engineering during my PGDip and I really enjoy the ‘what went wrong’ and ‘has something gone wrong’ type of investigations, tracing things back to root causes etc.

    I shall look into these courses.



  • Netraider
    replied
    I started off many years ago doing security testing. My original contracts were 5 - 10 days at a time where larger security companies had taken on too much work. Most of it was work from home as well.

    CEH is ok, but if you want to get into some hard core exploit building I would suggest doing a SANS Course. To get a good insight I would also suggest going to one of these events. Also, to get an idea of what is happening in the market try Infosec. It's free to attend if you register before the day. I normally attend all 3 days.

    From reading your posts I feel that you could also be quite good at the forensics side of security testing.

    Hope that helps.



  • meridian
    replied
    There's plenty of material to whet your appetite on the OWASP website. Free downloads and testing guides.

    The testing part's here:

    http://www.owasp.org/index.php/Categ...esting_Project

    As a start you could look at incorporating various security tests into existing tests (SQL injection, that sort of thing) and build up a security test library from there.



  • Babbage
    replied
    Something else to consider for pen testing is a very clear statement of what you are and are not allowed to do on the network. Getting that part right needs diligence by both parties.
    There are cases of people being arrested for overstepping.

    So getting the qualification above would be a good start, but it was good to hear how poorly it paid; I don't think it is worth pursuing.



  • Mich the Tester
    replied
    Originally posted by The Wikir Man
    If you are serious about it, then I would look at the Certified Ethical Hacker qualification which would be good to have, IMO.

    I've considered doing it in the past, as it interests me, rather than doing it as something that might be a money-spinner.
    Thx

    That’s the point; it’s something to get my interest rekindled as I feel like I’ve seen it all and done it all in testing. I haven’t, obviously, but that’s how I feel. I’m a critically minded type of person and I like to do things that ‘break the rules’ for the right reasons. However, obviously I’ve got accustomed to a certain income level and don’t want to see that drop too much.



  • The Wikir Man
    replied
    Originally posted by Mich the Tester
    thx
    Might it be more of a useful sideline to testing than a career choice?
    If you are serious about it, then I would look at the Certified Ethical Hacker qualification which would be good to have, IMO.

    I've considered doing it in the past, as it interests me, rather than doing it as something that might be a money-spinner.



  • DaveB
    replied
    Originally posted by Mich the Tester
    thx
    Might it be more of a useful sideline to testing than a career choice?
    Probably, best bet might be to bring it up when you do other testing work where you can see it might be needed, and offer it as an additional service.

    When I was contracting it was something I would offer to do for a client as part of the initial gap analysis, to show where the major weaknesses were, rather than as a test of what I'd done for them at the end of the project. I always recommended they get a third party to do it if they wanted a proper objective test.



  • Mich the Tester
    replied
    Originally posted by DaveB
    Security testing is an odd one. No one really employs internal security testers, they want external third parties to test for them so most of the industry is made up of specialist security testing companies and most of the big consultancies have a testing arm.

    The scope for contracting is pretty limited from what I've seen, I've been on the implementation side for years rather than testing directly.

    Testing itself is seen as a technical job but not a particularly complex or involved one. Most security vulnerabilities are known and documented and testing is easily automated and scripted. Jobs don't pay hugely well and there doesn't seem to be much of a contract market.

    The deep technical stuff is in identifying new threats and vulnerabilities and is more akin to coding than testing. A lot of it is done by independent security researchers and findings are usually put in the public domain for free, as a loss leader to generate security consultancy business.
    thx
    Might it be more of a useful sideline to testing than a career choice?



  • DaveB
    replied
    Originally posted by Mich the Tester
    Having done a little security testing in the past and seeing as I’m getting a bit jaded by functional testing and system testing (+/- 15 yrs experience), I’m considering moving to security testing. I’ve looked into the certifications so I can see a way to approach it, but I’m really more interested to know what the prospects are in terms of contracting. How good/bad are the rates for security testers? Is it a growth market with plenty of contracts?

    Any advice appreciated.
    Security testing is an odd one. No one really employs internal security testers, they want external third parties to test for them so most of the industry is made up of specialist security testing companies and most of the big consultancies have a testing arm.

    The scope for contracting is pretty limited from what I've seen, I've been on the implementation side for years rather than testing directly.

    Testing itself is seen as a technical job but not a particularly complex or involved one. Most security vulnerabilities are known and documented and testing is easily automated and scripted. Jobs don't pay hugely well and there doesn't seem to be much of a contract market.

    The deep technical stuff is in identifying new threats and vulnerabilities and is more akin to coding than testing. A lot of it is done by independent security researchers and findings are usually put in the public domain for free, as a loss leader to generate security consultancy business.



  • Babbage
    replied
    WHS, I would like to know too.



  • Mich the Tester
    started a topic Switching to security testing

    Switching to security testing

    Having done a little security testing in the past and seeing as I’m getting a bit jaded by functional testing and system testing (+/- 15 yrs experience), I’m considering moving to security testing. I’ve looked into the certifications so I can see a way to approach it, but I’m really more interested to know what the prospects are in terms of contracting. How good/bad are the rates for security testers? Is it a growth market with plenty of contracts?

    Any advice appreciated.
