Wednesday, January 11, 2012

My Profile in 2 years for best penetration tester

I will be the best penetration tester!!!
Below are my future skills.
I will get these skills step by step.




Technical Skills:

• Experience in black and white box penetration testing to identify system vulnerabilities and test security controls in firewalls, routers, IDS and IPS, and various types of servers, including Windows and UNIX Web, mail, FTP, DNS, Domain Controllers and applications hosted internally 
• Strong Web Application Assessment experience such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows
• Experience developing with Perl, Python, bash, C, C++, UNIX shell or Java
• Vulnerability Detection and Remediation
• Familiarity with penetration testing tools such as BackTrack, Nessus, nmap, Metasploit, vulnerability scanning tools, tcpdump, Wireshark, Nikto, Qualys, AppScan, WebInspect
• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
• Database administration, device configuration hardening and compliance verification experience.
• Familiarity with XML, SOAP, and Ajax
• Experience with wireless LAN security, including 802.11 standards
• In-depth familiarity with Windows and Unix operating systems.
• Experience with multiple operating systems such as Linux, Mac OSX, iOS, Blackberry, Android, HP-UX, Solaris, or Windows
• Capacity to analyze and apply technology solutions which meet the security control requirements specified by FISMA, OMB, and NIST guidance. 
• Conduct onsite and remote Social Engineering testing including persuasion, phishing, mock websites, and telephone contact.
• Knowledge of security tools such as IDS/IPS, SIEM, Firewalls, WAF and Database monitoring.
• Working knowledge of JavaScript, AJAX, PHP, Perl, SOAP-based web Services and ability to perform code review in Java, C# and/or .Net.
• Enterprise Solutions, Storage & Databases: advanced understanding of relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
• Web Servers: IIS, Apache, Lotus Domino, Sun Java System
• Technical knowledge in network security products, cryptographic suites and network/application firewalls
• Experience in evasion techniques to bypass firewalls, and intrusion detection
• Understanding of best-practice methodologies
• Perform wireless penetration testing using both collaborative and covert methods.
• Middleware software: Oracle's WebLogic, IBM's WebSphere, Apache Tomcat
• Network Switching and Routing (Cisco).
• Physical and logical security audits
• Logical protocol and network traffic audits
• Troubleshooting
• Training of client staff




Consulting Skills:


• Standard operating procedures documents
• Formal policy and procedure documents
• Application assessment reports
• Independence: self-managed and motivated
• Team oriented
• Project Management: Takes responsibility for satisfaction of client assigned project
• BT Representative
• Technical writing and vulnerability research
• Public Speaking
• Scoping of client testing effort


Required Certifications:

CEH - Certified Ethical Hacker (will get by 2012)
CISA - Certified Information Systems Auditor (will get by 2012)
SESW - SecurityTube Wi-Fi Security Expert (will get by 2012.02)
SMFE - SecurityTube Metasploit Framework Expert (will get by 2012)


============= Below is the 2013 Goal ==================

GWAPT - Web App Penetration testing and Ethical Hacking
GPEN - GIAC Certified Penetration Tester
OSCP - Offensive Security Certified Professional
CEPT - Certified Expert Penetration Tester
CPTE - Certified Penetration Testing Expert
CPTS - Certified Penetration Testing Specialist 
ECSA - EC-Council Certified Security Analyst
GIAC (Global Information Assurance Certification)