Starting off in security testing
Hello fellow testers,
I would like to break into the realm of security testing. What would I need to get my foot in the door (besides networking)? I have 5 years of testing experience, mostly in functional, database, and load. Would you guys recommend any certs or none at all? How should I start off on this journey?
Re: Starting off in security testing
Here's what I did.
We had some projects in the pipeline that had some aspects of generic "security testing" that customers (and bosses) wanted done. The testers looked at each other and I said "I'd like to give it a shot." The other testers (and the boss) looked relieved that someone volunteered and shazaam! There I was, the official security tester when one was needed.
In a more practical sense, there are some delicate things that need to be considered. I'm not sure how much exposure you have had to ideas around security testing; however, the Open Web Application Security Project (OWASP) at www.owasp.org is a very good starting point.
It was my first stop (after sticking my hand up) and I still refer to it from time to time.
I'd suggest trying small tastes of security testing before launching in full speed. If there are some projects that may need a hand, volunteer to take it on and see if you like it. It really is not for everyone.