It is difficult sometimes for someone without any experience that he wants to join the field of the penetration testing to establish which tools he should know as a starting point. Based on what the industry usually expects from rookies during the interview or in their first year if they join the company that is hiring, the following list has been created as a pointer with the most common tools.
These tools can cover the basics in an infrastructure and in a web application penetration test. Of course all of these should be used in a safe lab environment and not across the Internet.
Most of the penetration testers have their own blog or website where they share their research, techniques or personal tools. Keeping a list of well-known blogs to follow it will allow you to learn about a specific technique which it cannot be found on books or a new script that will assist you during your daily penetration testing activities.
Below is a list of some of the most popular blogs which are recommended to follow and read:
For the people that they want to make a start into the penetration testing industry it is really important to build their knowledge in a structure way. Books can provide guidance and build the foundation knowledge that is required for a start.
In nowadays there are plenty of books written by penetration testers for penetration testers that provide technical examples so it would be easier for the reader to understand them and obtain as well some practical skills.
The skills that someone will require by reading a technical book and following the examples in his home lab environment will not only be useful for a potential job interview but on his day to day job as well.
As a starting point the following books are recommended:
One of the questions that university students with an interest in the field of penetration test are having is how they can keep up to date with the latest news, tools and techniques. The answer is simple since the majority of the InfoSec people exist on Twitter and they use it as a platform for sharing knowledge, tools and ideas.
If a major vulnerability is discovered or there is a data breach then this is going to be discussed over Twitter. It is really important to follow the correct people so you can have all the latest news on your timeline.
It is recommended to create a Twitter account if you don’t have already one and to follow the accounts below: