Code and Things

This is a blog for me to write down my thoughts about projects I work on.

Penetration Testing

In the field computer science, technology is ever changing and engineers need to stay relevant. To do that, we have to continue looking into new things that come out even if our current positions don’t require it. I’ve had an interest in security for years, and after discovering a podcast about computers and security Security Now, I realized I wanted more structured learning than passive reading and listening could provide. Security Now had a sponsor, IT PRO TV, that offered online learning content relevant to my interests. I decided to look into them and found a class on Penetration Testing, which is all about Ethical Hacking, a subject that is very important in the industry right now but very undervalued.

Penetration testing has always appealed to me because it is not necessarily a tester’s job to fix the problems; they are just supposed to find weaknesses and vulnerabilities and report them to the owner so the holes can be closed. Much of penetration testing can be accomplished with pre existing scripts, but many more complex things can be tested using only a basic understanding of programming. This course helped me utilize my skills in programming to build my previous simple understanding of penetration testing into a more complex one, filling in the gaps of my knowledge.

The class I took has a lot of good information broken down in smaller pieces with great examples and notes. I look forward to sitting down and watching each new class offered in the series. The Penetration Class has courses from basic information on setup and operation of penetration testing, to Buffer overflows, XSS, and SQL injection. I intend to use this knowledge to help my current employer and future employers by testing their software and infrastructure via penetration testing. I also have a much better understanding of how these exploits work, making me a better programmer because I can visualize the problems as I code and not find them as an afterthought.

Moving forward, there are many other classes that are related and may be very useful to me. To start, I want to learn more about Kali Linux which is the Pentesting OS of choice – it is linux, but with a lot of useful tools and scripts preloaded. There are also interesting classes on basics which would be nice to brush up on, such as bash scripting and python. I have also started setting up my own laptop to practice the skills I have learned. I am hopeful that when I finish my classes and implement my new knowledge, I can help my current company test our systems better.