Love this:


"You can become a penetration tester at home by testing your own server and later make a career out of it."

Sounds like the old style correspondence school ads - a bit hokey.


I would have rewritten that as:

"Many people have actually made a career out of being a penetration tester by first testing their own home server"

You can absolutely learn to do penetration testing on your own time with your own servers. We have a script we give people to do the same thing. If you feel like you have a knack for systems programming, being a good systems programmer is 1/2 the hard part of appsec; the other 1/2 is literally "taking pleasure in finding creative ways to break things", and you can find out if you have that personality streak in just a couple hours of trying attacks.

Agree. Fully understand the ability to self-learn (and have done that with almost everything I've ever made a dollar on, despite going to one of those good business schools, which is why people think I make money rather than other qualities).

My comment strictly related to the style of what they were saying (and how I might rewrite that). I think it's a great idea.

When you say "a script" what do you mean? A script that configures a server incorrectly to let you see the kind of things you can do?

I think he refers to a teaching script, as in a series of exercises.

Is this script available? Thanks.

Shoot me an email.

Would be interesting to offer this script as "ptaas", penetration testing as a service. That way, instead of having the script and having the potential to abuse the script (or temptation), someone would be forced to allow tracking of the IP (presumably their own or their company's) that they are doing the testing on (and you could compile statistics for use elsewhere as a condition if they got the script for free). I know companies already offer this service (we had to go through one of those for PCI), but iirc it was rather expensive. FWIW the bank that required it never followed up after the initial "you have to do this and we suggest this particular company".