Security Testing | LWW18 | @droptableuser | https://droptableuser.me
Security Testing
An Overview
# whoami
● Current
○ Penetration Tester
○ Team Lead
● Experience
○ 2 years Software Developer
○ >8 years Linux System Engineer
○ 1½ years Information Security Management
● Hobbies
○ Bouldering & hacking
Agenda
1. Security Assessment
2. Vulnerability Assessment
3. Penetration Test
Security Assessment
Goal
Improve Security Posture
How and what?
Methodology
● Paper exercise
Scope
● Processes and People
● Systems, Organizations
How long, how often?
Duration
● Hours to days
Repetition
● Yearly or before major changes
SDLC
Difference Audit - Assessment
Audit
● Singular event
● Always third parties
● Every few years
● Compliance w/ standards and best practices
Vulnerability Assessment
Goal
Identify and classify vulnerabilities
How and what?
Methodology
● Automated scanning
Scope
● Technology
● Applications, systems, organizations
How long, how often?
Duration
● Hours to days
Repetition
● Quarterly or after major changes
SDLC
Tools
Semi-automated scanners
● Network
● Application
● Source Code
Network Scanners
● Nmap (https://nmap.org)
● OpenVAS (http://www.openvas.org/)
● Nessus (https://www.tenable.com/downloads/nessus)
Application Scanners
● OWASP ZAP (https://github.com/zaproxy/zaproxy)
● SQLmap (http://sqlmap.org/)
● BurpSuite (https://portswigger.net/burp)
Source Code Scanners
● Myriad of tools
○ Static
■ Style
■ Conventions
■ Standards
○ Dynamic
■ Logic bugs
Static - Benefits
● Output understandable for developers
● Scales well
● Integrated in IDE
Dynamic - Benefits
● Temporal information
● Runtime checks
Static - Drawbacks
● Can’t find configuration issues
● False positives
● Hard to prove
Dynamic - Drawbacks
● Coverage difficult
Penetration Testing
Goal
Identify and exploit vulnerabilities while evading counter measures
How and what?
Methodology
● Automated scanning & manual exploitation
Scope
● Technology
● Applications, systems, organizations
How long, how often?
Duration
● Days to weeks
Repetition
● Yearly or after major changes
SDLC
Phases of a Pentest
1. Pre-engagement
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post Exploitation
7. Reporting
Pre-Engagement
● Permission to Attack
● Rules of Engagement
● Communication
● Contract
● Type of Penetration Test
● 3rd Parties
Tools
Word. Microsoft Word.
Intelligence Gathering
● OSINT
● Footprinting
● HUMINT
Tools
● https://github.com/digininja/CloudStorageFinder
● https://punk.sh/#/
● https://github.com/smicallef/spiderfoot
hunter.io
Recon-ng
Threat Modeling
● Examine relevant data
● Identify assets
● Map assets/threats
Vulnerability Analysis
● Network Scanners
● General Vulnerability Scanners
● Traffic Monitoring
● Metadata Analysis
Tools
● Nmap scripts
○ nmap --script smb-vuln*
○ ls /usr/share/nmap/scripts
● Wireshark (https://www.wireshark.org/)
● OpenVAS
● Nikto (https://cirt.net/Nikto2)
● wp_scan (https://wpscan.org/)
● OWASP ZAP (prev. Dirbuster)
● Gobuster (https://github.com/OJ/gobuster)
● …
Exploitation
● Get initial foothold
● Circumvent security measures
● Precision
Tools
● Metasploit
● DIY
Post-Exploitation
● Rules of Engagement
○ Protect the client
○ Protect yourself
● Infrastructure Analysis
● Pillaging
● Data Exfiltration
● Persistence
● Further Penetration
● Cleanup
Tools
● nmap
● Metasploit
● DIY
Reporting
● Objectives, Methods, Results
● CVSS3 Scores
This is what you buy!
Executive Summary
● Background
● Posture
● Risk Profile
● General Findings
● Recommendation/Roadmap
Technical Report
● Introduction
● Information gathered
● Vulnerabilities found
● Exploitations
● Risks
● Conclusion
Tools
● Dradis (https://dradisframework.com/ce/)
● LaTeX
● Most probably: Word. Again.
Bonus Slides
How to get started?
Books
● Penetration Testing - Georgia Weidman
https://nostarch.com/pentesting
● The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
● Black Hat Python - Justin Seitz
https://nostarch.com/blackhatpython
● PoC||GTFO - Manul Laphroaig
https://nostarch.com/gtfo
● …
Virtual Machines
● https://github.com/Sliim/pentest-lab
● https://github.com/bkimminich/juice-shop
More on:
https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms
Wargames/Platforms
● http://OverTheWire.org
● http://hackthebox.eu
● https://www.wechall.net/active_sites
Writeups/Walkthroughs
● IPPSec’s YouTube Channel
https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/playlists
How not to get started!
WRONG: An error means it didn’t work
Often an error is the result of a successful exploit.
Spending too much time learning reversing/exploit writing instead of assessing systems, mobile and web
Though really, really awesome, these spots are usually already filled. Mobile and web will get you the job.
Reading a lot of security news without going in depth
Reproduce an exploit, or write one from the diff.
Spending too much time building the perfect lab/laptop/…
Simply don’t.
Not writing code/scripts
You should be able to code, to talk to software engineers as peers.