
Ask HN: Best route to software dev from pentesting - wepple
I'm currently contracted as a penetration tester, but I find the most exciting part of my week is when I get to code new tools and actually create cool things.<p>I've looked at junior positions doing software development (I'm interested in mainly django and android at this point) but they still often require a fair amount of experience.<p>I think I've probably developed quite a bad coding style - generally my projects are small, fast, and developed for me so hardly make it to release, which is something I've been reading up on to improve.<p>The upside is that I know a pretty wide range of tech - as a pentester I have to do code reviews of most common languages, I know low-level networking fairly well, I obviously understand security very well, and have a mindset built around the fact that every couple of weeks I'm given an application/technology I've never seen before and have to understand it really fast.<p>Do you have any pointers as to what the easiest way to get into software development might be?
======
tptacek
If you enjoy your pentesting role enough to continue doing it for awhile,
start a side project (you don't have to publish it on Github if you don't want
to) that's more ambitious than a pentesting tool.

Are you a network penetration test person, or primarily an appsec person?
Another step you could take (talking my own book here, admittedly) is to move
to an appsec firm, which will have you working in software full time. If
that's something interesting to you, you can ping me directly; I probably know
firms working wherever you are.

Most of my career has been as a software developer, actually shipping
software. If I thought longer I could probably generate more advice, but my
basic advice to you is to realize that most employed software developers are
not all that great; you might be making things harder for yourself by applying
for "junior" roles. Can you code? Can you build working systems? Apply for dev
jobs. You'll eventually get one.

------
X4
Hi, I'm about to learn pentesting, I'm a dev/sysadmin/designer. I've not
thought myself the complete lecture, but the definitive way to go for you is
learning everything over @ <http://mitpress.mit.edu/sicp/>

I suggest that you leaern C and Python, because as a Pentester, these are the
languages that are most relevant. C++/C#/PHP/Java etc. might be nice to have,
but you can solve all of your tasks with C and Python more efficiently, thanks
to the great Frameworks that have developed around these langauges. Checkout
Continuum.io, NumPy, wxPython, wolframalpha.

If you run out of ideas, run this # pip search framework

Here's an example of what can be accomplished with Python:
<http://en.wikipedia.org/wiki/List_of_Python_software>

Where should I start learning Pentesting? (I know Metasploit a little)

~~~
tptacek
Can you code? Can you work in SFBA, Chicago, or NYC? You could contact me
directly.

------
il
Put your email in your profile, people in HN might see this post and want to
reach out.

