For the people that they want to make a start into the penetration testing industry it is really important to build their knowledge in a structure way. Books can provide guidance and build the foundation knowledge that is required for a start.
In nowadays there are plenty of books written by penetration testers for penetration testers that provide technical examples so it would be easier for the reader to understand them and obtain as well some practical skills.
The skills that someone will require by reading a technical book and following the examples in his home lab environment will not only be useful for a potential job interview but on his day to day job as well.
As a starting point the following books are recommended:
One of the questions that university students with an interest in the field of penetration test are having is how they can keep up to date with the latest news, tools and techniques. The answer is simple since the majority of the InfoSec people exist on Twitter and they use it as a platform for sharing knowledge, tools and ideas.
If a major vulnerability is discovered or there is a data breach then this is going to be discussed over Twitter. It is really important to follow the correct people so you can have all the latest news on your timeline.
It is recommended to create a Twitter account if you don’t have already one and to follow the accounts below:
There are interview questions that will possibly come up more often than others. The majority of the companies will look for candidates that they can demonstrate knowledge regarding networking concepts, some common web application vulnerabilities, they know how to perform basic tasks. are familiar with console commands and they have the passion to learn.
The following questions have been identified as the most common for junior penetration testing roles, so candidates who are able to answer them correctly they have more chances of being successful.
- What are the differences between TCP and UDP?
- Describe the 3-way handshake?
- Describe the layers of OSI model and knowledge some of the protocols for each layer?
- What are the differences between a hub a switch and a router?
- What is a port?
- What is SSL?
- What are the differences between symmetric and asymmetric encryption?
- What is SQL injection?
- What is Cross-Site Scripting?
- How you could perform a TCP scan with Nmap?