
Introduction

In this story, I will share how to become a penetration tester, based on my experience. You can learn about an introduction to penetration testing, the penetration testing phases, useful resources, and some tips from me for improving your skills. Hopefully this story can help you become a good penetration tester.

Understanding Penetration Testing And Phases

Penetration testing, also known as pentesting, is an activity for finding potential vulnerabilities in a system. The person who performs pentesting is called a penetration tester or pentester. Pentesting is a proactive and authorized approach to evaluating the security of a computer system, network, or application by simulating cyberattacks.

Penetration Testing Phases


Penetration testing has several elements. The picture above shows 6 common phases in penetration testing; let's find out about them!

Pre-Engagement Phase

First of all, we need to understand the engagement requirements. This phase is often skipped, even though it can help you secure the testing process. The engagement covers items such as the scope, whitelist, methodologies, and rules of testing agreed with the client.

Scope
The scope is the main target of the penetration testing process. For example, the client wants to test the application on the example.com domain. Here we know that the example.com domain is the scope, or main target, that you must test.

Whitelist
The whitelist is an authorized scope that only the pentester can access. This can prevent other attacks (by illegal hackers) during the penetration testing process.

Methodologies
Methodologies in penetration testing refer to the approach used by the penetration tester to systematically evaluate the security of a system.
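To make the scope agreement enforceable, a target list can be checked against it before any testing starts. The following is an added example, not code from the original story; apart from example.com, the excluded host, the network range and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed engagement scope: example.com is the page's example domain;
# the exclusion and the network range are assumptions for illustration.
IN_SCOPE_DOMAINS = {"example.com"}
OUT_OF_SCOPE_HOSTS = {"payments.example.com"}
IN_SCOPE_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def extract_host(target: str) -> str:
    """Return the lower-cased host from a URL or a bare host[:port] string."""
    if "://" not in target:
        target = "//" + target  # make urlsplit parse it as a network location
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").lower()


def in_scope(target: str) -> bool:
    """True only if the target is explicitly covered by the agreed scope."""
    host = extract_host(target)
    if not host or host in OUT_OF_SCOPE_HOSTS:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        return any(addr in net for net in IN_SCOPE_NETWORKS)
    # Match on label boundaries so "notexample.com" does not pass as "example.com".
    return any(host == d or host.endswith("." + d) for d in IN_SCOPE_DOMAINS)


def filter_targets(targets):
    """Split a target list into (allowed, rejected) before testing begins."""
    allowed = [t for t in targets if in_scope(t)]
    rejected = [t for t in targets if not in_scope(t)]
    return allowed, rejected
```

Anything in the rejected list goes back to the client for clarification instead of being tested.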

Reconnaissance Phase

This phase is the pentester's first step when testing the system: the pentester collects all the information about the target (in scope). The more information the pentester obtains, the higher the potential to discover vulnerabilities.

Vulnerability Identification

In this phase, the pentester identifies targets and maps attack vectors from the information obtained during the reconnaissance phase. The pentester can then use that information to attack during penetration testing.

Exploitation

In this phase, the pentester starts to test the exploits found for the system. This lets the pentester see how far they can get into the system environment and identify the potential risks or impact to the target.

Remediation and Reporting

In this phase, the pentester creates a remediation, or solution, for each vulnerability finding. The remediation is included in the vulnerability findings report, and it falls within the organization's/client's responsibilities.

Improving Your Skills

The Elements You Must Know

A penetration tester must understand how systems work, know attack methods, and know additional programming languages to help discover vulnerabilities and develop exploits.

Tips:

If you focus on web application testing, you can learn how to build a website to understand its common elements and how web applications work.

You can also learn common programming languages for building websites, such as HTML, PHP, JavaScript, and others. These points can help you understand the system.

Learn About OWASP TOP 10

OWASP TOP 10 is a list of the 10 most common and critical web application vulnerabilities. OWASP, which stands for Open Web Application Security Project, is a global community focused on web application security. You can refer to this list when you are testing a web application.

Capture The Flag

Capture The Flag is the best way to improve your skills. You can join Capture The Flag on platforms such as Hack The Box and TryHackMe. Both platforms are recommended for improving your skills and gaining new knowledge and insight, because every lab or machine is designed with existing vulnerabilities and is LEGAL.

Bug Bounty

Bug bounty programs give you rewards for each vulnerability discovered; of course, it is interesting to improve your skills while earning money. You can also read "Bug Bounty Writeups" to understand how others find vulnerabilities in a target.

Join a Community

There are a lot of communities focused on cyber security. You can try to find a community in your region and start sharing and interacting with its members, because with a good community you can learn everything for free.

Taking a Certification

Taking a certification is a great way to demonstrate your expertise and knowledge in the field of penetration testing. It's important to assess your current knowledge and experience level, and this is a good way to improve your skills.

Useful Resources for Improving Skills

Youtube

Blog / Articles

CheatSheet

Practical

Conclusion

Some of the points above are things that I practice to improve my skills, and hopefully they can be useful for your career in penetration testing.