
Ask HN: Best route from developer to pentester - careershift
I have a lot of experience with web (rails, angular, ember, react), android and backend (nodejs, go), but got laid off a while back and am thinking of branching off a bit and looking into pentesting. It's an area I have always had an interest in, so now that I have time I wanted to delve a little deeper. There are some costly courses available, but seeing as I am getting short on money it is quite the risk without having some solid testimonials backing it up.

If anyone can offer me some advice on a good starting point I would greatly appreciate it.
======
justsorneguy
I think [https://www.cybrary.it/](https://www.cybrary.it/) is pretty good for
free lessons. You can combine it with VMs like
[https://www.offensive-security.com/metasploit-unleashed/requ...](https://www.offensive-security.com/metasploit-unleashed/requirements/)
and those from [https://www.vulnhub.com/](https://www.vulnhub.com/) for a bit of hands-on.
Also, you can get a lot of information specific to your language, like
[http://guides.rubyonrails.org/security.html](http://guides.rubyonrails.org/security.html)
and
[https://github.com/presidentbeef/brakeman](https://github.com/presidentbeef/brakeman)
to look at real apps, to see what can go wrong.

~~~
justsorneguy
Oh, and there are some good podcasts, too. Like Risky Business, 7 Minute
Security, Liquidmatrix, Security Now... 7 Minute Security just had a decent
series on how to set up a DIY $500 pentesting lab, for example
([https://vimeo.com/179271256](https://vimeo.com/179271256)).

Finding some famous pentesters to follow on Twitter can't hurt, either.

------
andrewhayter
Really interested in this as well. Currently working as a web dev but really
get excited when it comes to web app security.

Can we also discuss paid courses that might be of value as well?

~~~
justsorneguy
I think
[https://www.offensive-security.com/information-security-trai...](https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/)
is probably currently the best bang for the training buck...

