Ask HN: How do I get into pen test as a developer?

by waspight on 1/22/2023, 5:28:02 PM with 2 comments
Earlier this week someone asked why devs seems to not care too much about secure development. I figured that it must be because there is no positive feedback if a system is secure. Only negative feedback when it isn’t.

So as a developer I would like to gain more knowledge about how pentesters usually work, so that I can continuously test my own implementations. And because I am curious ofc. Is there any good sources out there?

  • by 4RealFreedom on 1/22/2023, 6:02:29 PM

    First, make sure you know OSs and TCP/IP. Having a firm grasp of these will help immeasurably. After that move on to some war gaming sites. I used https://www.hackthissite.org/ around 10 years ago. Don't know if it's still as good as it used to be. Any war gaming sites will help. Finally, depending on the structure of your company, try to get involved at your current job. Volunteer to help with any pen testing going on. I've used external companies for most pen testing but someone has to communicate with them and analyze the results.

  • by barbazoo on 1/22/2023, 5:43:11 PM

    Microsoft has some useful entrypoints [0] such as the OWASP Top Ten [1]

    [0] https://learn.microsoft.com/en-us/azure/security/fundamental...

    [1] https://owasp.org/www-project-top-ten/