Pierluigi Paganini October 20, 2013

Penetration testing is a skill, a profession that requests specific capabilities and the respect of strict rules. Hacking is different from pen testing …

Professional hackers are an essential component in today IT landscape, in a previous post I highlighted the great request of the market for so precious figures.

Being a hacker is a state of mind, a different way to approach IT world, penetration testing is just an example of the activities that hackers can do as part of a corporation, but there is much more.

Companies need security experts able to share the results of their investigations, that have an analytical approach to the problems and are able to find innovative solutions.

In today’s society the data is probably the primary asset for the majority of the company, results focused professionals must be able to drive their clients in the right direction with professionality and ethics.

Every professional has to adopt a code of ethics based on the following fundamentals described by(ISC)²:

• Protect society, the common good, necessary public trust and confidence, and the infrastructure.
• Act honorably, honestly, justly, responsibly, and legally.
• Provide diligent and competent service to principals.
• Advance and protect the profession.

Penetration testing is a precious skill, not a technique, that must be refined through practice and hard study.

To start this fascinating work there are some useful requisites that could help youngsters such as a strong background in the IT security, a good knowledge of current tools and it could be an advantage to have followed a specific certification (e.g. GPEN – GIAC, OSSTMM Professional Security Tester Accredited Certification (OPST) and Certified Ethical Hacker).

Pentesting is often confused with hacking, but there is a substantial difference that novices have to understand, while “hacking” is exploratory and unstructured, penetration testing is based on a scientific and structured method.

Pentester follows structured approach documenting each phase of its test and the results obtained. Every step must be argued detailing the following things:

• scope of the test.
• results of the test.
• precedure followed.

Penetration testing is almost always a consulting-focused job  also when companies have their own internal security team, consider that during their career pen testers works for many different companies as contractors.

Our surface of attack is increasing with the exponential growth of the penetration level of technology, everything surrounds us has an “intelligent component” that could be compromised by hackers, it’s clear the importance of security for those objects and the rule of a penetration tester for their evaluation.

This and much more is possible to understand taking a tour in the Hacking Academy Modules, that also gives to the participants to test what they learned with specific Interactive Lab … Test it for free

Pierluigi Paganini

(Security Affairs –  Penetration Testing, hacking)