May 2, 2023
Table of Contents After introducing 3 Broken Access Control Attacks in our first OWASP Top 10 post, we now move on to
Nowadays, penetration tests are indispensable if the best possible IT security is to be provided. Companies fall victim to cyber attacks every day.
Not only corporations can count themselves among the victims, but also medium-sized companies as well as individual companies from a wide range of industries.
Penetration testers, also known as ethical professional hackers, now help to make future attacks more difficult throughout Germany thanks to their knowledge and skills in the form of penetration tests and also to clarify the current status of the given IT security of a company. In doing so, they examine a wide variety of security vulnerabilities and security weaknesses.
The goal of such a penetration test is to uncover errors or omissions in patch management as well as to exploit vulnerabilities resulting, for example, from the everyday use of services and protocols using a wide variety of techniques and tactics as well as exploits, and to prove them accordingly with "PoCs" (proof of concept).
The career of a good penetration tester starts at the "Junior Penetration Tester" competence level. Initially, as a Junior Penetration Tester, you will perform smaller tests such as vulnerability analyses or smaller penetration tests and support a wide variety of larger pentest projects under the guidance of a "Professional Penetration Tester".
In the process, the junior penetration tester for the job learns the most important techniques and skills needed to perform a good quality penetration test. A basic understanding of how computers and networks work and how they work together should be present beforehand.
Furthermore, the junior penetration tester is brought up to the level of the other penetration testers (professional penetration testers) in order to be able to apply this knowledge independently in future penetration tests. Initiative and a willingness to learn are fundamental building blocks that a penetration tester must have if he or she wants to perform qualitative penetration tests. A certain amount of ambition as well as a pinch of curiosity and adaptability are also required if you want to get a job as a junior penetration tester.
Own strategies and procedures for testing should be acquired. A quantitatively and, above all, qualitatively good penetration test should never be carried out according to a "pattern".
In addition, at least three years of professional experience is recommended. However, there are no legal requirements. Three years of professional experience are also required through a computer science degree (not business informatics or comparable!).
The advantage, however, is that you can advance faster in the competence level. However, this is not a guarantee, but purely dependent on your performance and competence as a junior penetration tester in this job.
Since each penetration tester is responsible for his own penetration test, a high degree of self-organization and documentation is part of the daily routine. Without self-organization, a qualitatively good penetration test result cannot be achieved in any case.
Structured documentation is essential for a penetration tester to enable application security and to prepare the administrators on the customer side to quickly eliminate the found vulnerabilities and implement missing security mechanisms.
Table of Contents After introducing 3 Broken Access Control Attacks in our first OWASP Top 10 post, we now move on to
The status report of the Federal Office for Information Security (BSI) 2022 shows: IT security in the public sector is increasingly
Interview with Christian Rosenzweig (Johner Institute) - Part 2 In the first part of our interview, we asked basic questions about
Start your career now as a Junior Penetration Tester, a job with opportunities!
Together with the IHK-Akademie Koblenz, ProSec GmbH provides professional and in-service training, guaranteed on the advertised date! Our offer is designed to provide an intuitive learning curve. It is primarily aimed at IT officers, network administrators and others who are responsible for IT security consulting in the company. Take advantage of the access to professionals that will give you a whole new perspective and become a Junior Penetration Tester a job with opportunities for advancement.
A comprehensive PDF on "Junior Penetration Tester" and this job can be found here.