Our field of expertise is very dynamic and always changing. It demands professional penetration testers or ethical hackers to be aware and keep abreast of new technologies, trends, attacks, and vulnerabilities.
There is no excuse for a penetration tester who checks an infrastructure against attacks during the time of Windows 95 and does not assess the possibility of launching an attack on a newly discovered vulnerability that is breaking networks or applications all over the world at the same time.
Important information types and news for staying up-to-date and competent in our profession are:
- Information on new vulnerabilities, new attack types, and scenarios
- News about changes in the existing or new technologies, protocols, standards, and information security-related laws
- News about big compromises and data breaches in the corporate world
- Security reports and whitepapers
- Security research results
You can obtain such information from the following sources:
- Various security newsfeeds (full disclosure, Darknet.org.uk, Exploit Database updates, and so on)
- Blogs of security researchers (Corelan Team, Carnal0wnage, DigiNinja, Offensive Security, Blue Frost Security Lab, and hundreds of others)
- Vendor and security companies' blogs (for example, Cisco blog and security advisory)
- Security conference talks and whitepapers (especially BlackHat talks)
- Security magazines and e-zines (Phrack, PentestMag, Xakep, and Hackin9)
- Certain tools newsfeeds (Aircrack-ng, Nessus, Metasploit, and so on)
One of the outstanding sources for getting security information and news is Reddit. It's /netsec channel is highly recommended. Most of the news appear in a couple of hours after being published for the first time and some of the news or papers have live discussions and comments full of useful additional information.
We have provided an approximate overview of the information sources based on our own news aggregation configs, but pentesters compile their own lists of newsfeeds based on their interests and experience.