Thanks to bad people’ and the mainstream media, the term ‘hacking’ or ‘hacker’ usually viewed as a negative thing to the public. Now, we have a term called ‘Ethical hacker’ to differentiate the good and the bad one.
An ethical hacker is a computer and networking expert who systematically attempts to do a penetration testing.
Penetration testing or pentest is an authorized attack on a computer system in order to find the vulnerability and protect it from malicious hackers.
More role of security and penetration tester:
Crackers are those who break into the system and destroys
Script kiddies/pocket monkeys are young inexperienced hackers and mainly copy codes and techniques from knowledgeable hacker
Programming languages used by experienced penetration testers:
- Practical Extraction and Report Language (Perl)
- C
- Python
Tiger box is a collection of OSs and hacking tools
Questions to explore
Why do we need penetration testing?
Every system must have a vulnerability, even if it updated every time, it still has. We need a penetration testing to keep improving the system and of course protecting it from malicious hackers.
What is the market value of penetration tester?
According to Payscale, the median salary for a Penetration Tester is $71,929 (2014 figures). Overall, you can expect to take home a total pay of $44,220 – $117,398. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Is penetration test legal? How about in Indonesia?
Legalization of pentest are different in some countries. Some legalize it and some not, depending on their law. In this case, Indonesia actually legalizes it. It is written UU ITE article 34.
Penetration testing process
- Define the scope of test > It’s like the 5w1H
- Performing the test
- Reporting and delivering the result
Kali Linux Testing Methodology
- Target scoping
- Information gathering
- Target discovery
- Enumerating target
- Vulnerability mapping
- Social engineering
- Target exploitation
- Privilege escalation
- Maintaining access
- Documentation and reporting