Chapter 8. What's Next?

In this final chapter, we want to give you some hints and suggestions on possible directions for developing your penetration testing skills further. We'll describe the steps that will definitely help you become a professional penetration tester.

The chapter will cover the following topics:

  • Descriptions of the topics a reader can learn to develop certain penetration testing skills
  • An overview of the penetration testing courses and trainings
  • An overview of the penetration testing standards
  • An overview of the sources of information helping penetration testers stay up to date

What you can learn

Needless to say, it is definitely not enough to just build a lab and try to use it without a plan and proper learning. This approach can bring some knowledge and skills, but it does not allow you to develop them systematically and comprehensively. We believe that a person who has learned just several attack techniques without proper background preparation cannot reliably perform a penetration test and will identify only a part of all the vulnerabilities and security flaws in a target system or infrastructure.

Thus, it is essential for penetration testers to constantly improve their skills so that they can identify not only common security vulnerabilities and misconfigurations, but also atypical ones, using a deep understanding of the technology and their own acquired experience.

Let's briefly introduce you to the main penetration testing domains (topics) you might be interested in.

Infrastructure penetration testing

This topic covers basic security assessment knowledge and almost always overlaps with the other topics, because every other topic is part of some infrastructure and usually depends heavily on it.

This topic covers the security of all network components, in both local and wide-area networks. It includes, but is not limited to, the following high-level topics:

  • Information gathering and enumeration
  • Network and security protocols
  • Client and server security
  • Network devices security
  • Access control subsystems and remote access
  • Encryption
  • Wireless hacking
  • Vulnerability identification and exploitation
  • Tunneling
  • Virtualization hacking
  • SCADA systems hacking
  • VoIP
  • Mobile device management

If you don't have the necessary background to learn these topics on your own, it is usually easier to start with a relevant course or training.

You can also add more network devices to your lab later to practice attacks on various inter-device protocols, various network tunneling techniques, and so on.

Also, install several vulnerability scanners, try them in your lab, and choose the ones you like most.

Web application and web-services hacking

This is currently the most widespread topic, and we would estimate that around 75% of all penetration testing projects are aimed at web application or web service security assessment.

Although the topic may seem very narrow at first, it is actually very broad because of the number of platforms, frameworks, and technologies in use. Additionally, web applications are often developed in-house, the development process is not standardized, and not all developers are aware of secure coding practices. Altogether, this gives penetration testers a lot of opportunities for investigation and research: standard vulnerability types, and often much more interesting things, such as juicy flaws in application logic.

A good source to start is the book The Web Application Hacker's Handbook, Second Edition, Dafydd Stuttard and Marcus Pinto, Wiley. This book contains a lot of information not only on vulnerability types, but also on the process of web application security assessment as a whole.

Another must-know source of information in the current topic is the Open Web Application Security Project (OWASP). Visit https://www.owasp.org for more information. You should also check out the OWASP Top 10 and OWASP Testing Guide.

We recommend that you use the web applications installed in the lab and start filling Liferay Portal with content to analyze how it works. We also recommend installing additional popular web applications, such as Kentico CMS. If you know which web applications are popular in enterprise networks in your region, try installing and hacking them. It will definitely be an advantage when you proceed to real projects.

Mobile security

Mobile security is tightly connected to the web application security topic, but nevertheless stands apart. It includes both device and application security, and overlaps with the mobile device management topic, which is part of the infrastructure.

To start with the mobile device security topic, learn the architectures and security subsystems of the most popular mobile OSes (iOS, Android, Windows Phone, and BlackBerry). Try to figure out the differences in security concepts and system architecture between the platforms.

Some information can be found on the official websites of all the platforms, but the most information is available for Android, as it is an open source project. Windows Phone is also pretty well documented.

Good general sources of information on this topic are the OWASP Mobile Security Project (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project) and the book The Mobile Application Hacker's Handbook, Wiley (http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html) by Dominic Chell, Tyrone Erasmus, Shaun Colley, and Ollie Whitehouse.

IoT

The last topic in our recommendation list is the Internet of Things (IoT) and embedded devices. It is not as popular as web applications yet, but it seems to be becoming so. We can see that not only laptops, tablets, and mobile phones are connected to SOHO networks, but also smart fridges, coffee machines, TVs, audio systems, thermostats, and so on. They all have security flaws. Some of the flaws allow harmless pranks, some allow data leakage or hidden surveillance, and some allow attackers to get inside a network. It will get worse as IoT grows in popularity and almost all, or maybe all, electronic devices have Internet connections.

To go deep into this topic, we believe you should learn the other topics from our list first. Additionally, you might want to learn reverse engineering to be successful at device research.

Of course, this list is not comprehensive, and different people may divide the topics a little differently, but the main point is to give you an idea of how and where.
