In 2020, both big and small companies alike are embracing pen-testing as a solution to ensure the quality and availability of their mission-critical communication systems and data storage.
Detectify Crowdsource is our private bug bounty community that’s powering our automated web security scanners to protect thousands of security teams. It’s true that bug bounty hunters and pen-testers are not the same breed, yet we see a lot of our hackers learning new skills to break into the pen-testing scene and help keep out hackers with hats as black as ink.
Detectify security researcher Fredrik N. Almroth shared his thoughts on the growing interest in pen-testing:
“As a researcher, I see a lot of mistakes that can be avoided out in the wild such as unauthorized access to things in the supply chain and obvious tampering marks in the data. Year after year, companies have 2 options with pentesting: they can be proactive with testing business assets, or react once everything suddenly breaks at once. If you have the resources, bringing in pentesting can help companies stay on top of risks and get results before the ink is even dry on the auditing contract.”
While there are differences in what they do, there are also a lot of similarities. So we asked the Detectify Crowdsource community, some who’ve even hacked the Pentagon, to share some of their top-paying tips that every great pen-tester should know:
Top 12 tips every pen-tester should know:
#12 @gehaxelt: “I don’t think all people know what true pen-testing really is. It’s all about documentation, and the writing between the lines.”
#11 @p4fg: “Find your niche. When it comes to pentesting, I’ve found it to be more lucrative to become an expert on fountain pens, than being a jack-of-all-pens.”
#8 @ozgur_bbh: “Always carry a pineapple.”
“Don’t lose track of the scope – it’s easy to get sucked in by pencils because they have erasers, but you’re really there for the pens.”
#1 @tomnomnom: “Put pen-to-paper and share what you found with the community. Embrace the twitter fame.”
As mentioned, our community already applies these tips today, and we’ve had great progress updates, including this one from researcher @tareksiddiki:
“Following these tips has helped me keep my eyes on the ball, and I’ve pointed out numerous flaws to my clients, helping them cross t’s and dot the i’s.
It’s really helped me put a feather in my cap as a pen-tester!”
There you have it, some top-paying pen-testing tips from Detectify Crowdsource hackers. Now it’s time to get out there and get your next gig. Happy pen-testing!
Happy April Fool’s Day!
Are you interested in joining our community on Detectify Crowdsource? Learn more at https://cs.detectify.com/