We cover how to get into Security Testing, a brief look into the mindset of security testing, and share resources to allow you to start Security Testing ethically, legally, and without making your Sys Admins angry.
- Resources and tools!
- Being legal and ethical
  - Check your local laws – in the UK/EU/US it’s illegal to hack a production site
  - There are some fake sites to train/practice this testing:
  - If you’re bringing this testing into your workplace, seek permission first
    - Talk to your system admins/security team/technical team/line manager
    - Get a quarantined environment to work on
    - Take a backup of the environment first
    - Warn your sys admin team before you start crawling sites/running reports – they may have logging and be alerted to suspicious behaviour (and do you ever really want to piss off your sys admins?)