Penetration tests (or pentests, in short) are simulated attacks carried out in a controlled environment by third-party security specialists. A pentest will reveal whether an organization is potentially vulnerable to cyberattacks and provides recommendations on how to strengthen its security posture. Given today’s ever evolving cyberthreat landscapes, penetration tests have become one of the most-commonly known security tactics to help organizations uncover critical vulnerabilities, strengthen their security defenses and meet compliance requirements such as PCI DSS.
Related post: Top 7 Cyber Security Resources
There is a large demand for skilled professional penetration testers or so-called ‘ethical hackers’, and more and more security professionals pursue relevant certifications such as Certified Ethical Hacker (C|EH), Licensed Penetration Tester (LPT), Certified Penetration Tester (CPT) or GIAC Penetration Tester (GPEN). In fact, a 2016 research report revealed that the penetration testing market is estimated to triple in size from USD 594.7 million to USD 1,724.3 million between 2016 and 2021.
Curious about how to stay up to speed? We’ve gathered 10 useful resources vetted by Hitachi Systems Security’s own Penetration Testers that will help you keep up with the rapidly evolving landscape of ethical hacking. Make sure to bookmark this blog and check back regularly for updates!
Top 10 Pentesting Resources
Offensive Security is an industry-leading information security training and penetration testing website, offering trainings and certifications, virtual penetration testing labs, etc. Offensive Security provides safe virtual network environments through its penetration testing labs to help aspiring and seasoned penetration testers acquire and enhance their penetration testing skills. In terms of certifications, Offensive Security offers the Offensive Security Certified Professional certification (OSCP) – the crown jewel of all related certifications, if we don’t count the higher level certs such as OSCE (Offensive Security Certified Expert).
The Exploit Database is an online archive of public exploits and corresponding vulnerable software, developed and maintained by Offensive Security for the information and use of vulnerability researchers and penetration testers. The exploits listed on the Exploit Database are collected through mailing lists, direct submissions and other publicly available resources.
The SANS Institute is a private for-profit training organization, known as one of the largest in the world for IT Security information and education. They maintain a wide variety of blogs and resources aimed at all subcategories of IT and IT Security, including penetration testing. Fun penetration testing resources include posters such as “Blueprint: Building a Better Pentester” or “Penetration Testing: Attack Surfaces, Tools & Techniques”, training courses about penetration testing and ethical hacking and a vast library of blog articles on the SANS Penetration Testing Blog.
PentesterLab provides a collection of penetration testing labs of varying degrees of difficulty to help penetration testers understand and test systems for vulnerabilities. By completing the online exercises, penetration testers can earn certificates of completion, such as the Capture-the-Flag Badge, the Authentication Badge or the Serialize Badge.
Cybrary is possibly one of the best information security education sites on the internet. It contains full-length college course videos for everything from basic networking up to and including training for certifications, explanations of secure coding, penetration testing and everything else security related. The majority of Cybrary content is free.
Building your skills through hands-on lab experimentation is vital in the life of penetration tester. Aman Hardikar, who built a hugely useful mind map showing various free, publicly available distributions, challenges, and other resources for practicing your skills. Access the Penetration Testing Practice Lab here and have a look.
Ethical Hacking is a LinkedIn group specifically created for ethical hackers to have a medium for exchanging knowledge, ideas and techniques specific to penetration testing. Some of our own Penetration Testers have joined this LinkedIn group to stay abreast of trends & best practices.
Kioptrix is a hands-on, practical blog that provides penetration testers with flawed Operating System images that they can download. Once downloaded, they can set up their own virtual machine and try attacking these Operating Systems to learn about the most common vulnerabilities and security holes.
EHacking.net is yet another great resource for free content about penetration testing and vulnerability scanning, including a directory of relevant open source tools, penetration testing and Metasploit tutorials, blog articles, videos etc.
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together. GitHub has compiled a post called “Awesome Penetration Testing” that lists a collection of “awesome penetration testing resources, tools and other shiny things”. In short, it really is awesome because it’s one of the most complete lists we’ve found. Penetration testers can find resources about vulnerability databases, report templates, books, security courses, conferences, magazines etc.
Bonus: This one’s for our French-speaking readers
Founded in 1995, the French publication MISC (Multi-System & Internet Security Cookbook) is dedicated 100% to information security subjects, both in technical as well as in scientific nature. For our francophone penetration testers, this subscription-based resource will provide you with a regular rundown of information security-related subjects, such as reverse engineering, security certifications, internal and external penetration testing, smart city security, secure messaging apps, IoT security, etc.
If you’re interested in learning more about penetration testing at Hitachi Systems Security, check out our related blog articles or get in touch with us directly to request a quote.