Sign in Subscribe

pentester

Business will expect you to support them in non-pentesting activities...

Business will expect you to support them in non-pentesting activities...

...supporting business will help you learn the big picture and will make you better. Don't skip it, when asked. Third in the 'things no pentest course will teach you' series, this post talks about activities that a pentester can support a business into, and how a pentester will benefit out of them.

To business, pen-testers are like jumbo-jets...

To business, pen-testers are like jumbo-jets...

...profitable only when on-air, expensive when in hanger. Second in the 'things no pentest course will teach you' series, this post talks about how business looks at pentesters, and what a pentester needs to keep in mind during their career.

Not every customer wants you to become domain admin...

Not every customer wants you to become domain admin...

...and other truths that no pen-testing course will teach you. Penetration testing (and security assessments in general) has evolved a lot in the last decade or so. This series of posts is about the other side of the fence.

You are one cog in the wheel...

You are one cog in the wheel...

Pen-tester is a very important role in a pen-testing business. However, there are other people and skills required before the business takes off and money starts rolling in. Read on to know more...

6 elements that every penetration test report must have

6 elements that every penetration test report must have

Customer pays for the report, not for pentest. Here are the 6 important items that must be present in every penetration test report. Have a read.

Don't focus on admin certs when you want to become a Pentester. However...

Don't focus on admin certs when you want to become a Pentester. However...

focussing on administrative certifications while aiming to be a pentester - could be a waste of time. I try to explain 'why' and 'what to do instead' in this post.

You are not getting value from pen-tests. Here are 5 reasons why.

You are not getting value from pen-tests. Here are 5 reasons why.

Penetration testing is a part of most of security regulations now. However, regulatory compliance need not be the only value proposition.As a customer, there could be 5 reasons why you are unable to get more value out of pen-tests. Have a read.

Try these tools to prepare your pentest report

Try these tools to prepare your pentest report

Everyone dreads preparing report, post-work. However, it is extremely important for the

Vulnerability, Control, and Risk are not same

where-is-the-risk

Vulnerability, Control, and Risk are not same

As Pentester, auditor, or risk assessor, it is important to understand difference

'Lack of CAPTCHA' is not always a valid vulnerability or risk

where-is-the-risk

'Lack of CAPTCHA' is not always a valid vulnerability or risk

CAPTCHA is a valid security control. However, lack of it may not be a valid vulnerability in all cases and 'lack of CAPTCHA' is definitely not a risk. May be part of risk.

Risks of a cybersecurity career

Risks of a cybersecurity career

Cybersecurity is one of buzz-words promising the la-la land these days. Everyone is running towards it. However, it will help if one is aware of the 2 big risks.

A Day in a Pen-tester’s life

A Day in a Pen-tester’s life

My 2 cents on a day in a pentester's life, from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting!