You can check here:

http://www.testingfaqs.org/

That site seems to have some good information.  Testing is an important part of the SDLC and should have been given thought throughout the entire development process.  So there should be a number of unit tests and things you can use to test different conditions in your application.  At least that's what I learned from my Java programming classes, I've never had to do it IRL though. 

I am not currently in the pen testing field, although I am in IT security, so I can't say from experience but according to the the SANS salary survey below pen testers make anywhere from 56k (0-4 years experience) to 111k (10 years experience).  It would seem that according to the Salary vs. Title chart (page 3) pen testers are paid the least.  Can any of you pen testers out there confirm these findings?  Personally, this is the type of thing that makes me comfortable just being normal system engineer in IT security... its not as 1337 but I guess its way more money?

http://www.sans.org/resources/salary_survey_2008.pdf

Thanks again for the information everyone.  I think I am going to try to see if I can first for the GPEN then the OSCP.  Since both of these certs/courses seem like a decent amount of fun as well as high quality that would seem to be the best route.  Even if I have to foot the bill for the OSCP myself I think it would be worth it.  My main objective here is to learn as much as possible so I think both would be best.   

Thanks again,
themadhatter

Thanks for your responses! 

I think at this point I will try my best to take both courses starting with GPEN.  That way I get the proper format of a pentest, the business reasons, and everything  else like that from GPEN and I learn the 1337 techniques from OSCP. 

One another note, which cert do you think has more industry recognition?  Also, what does the GPEN certification test actually entail?

Thanks,
themadhatter

Hey all,

I finally got to the point where I'm ready to take the next step as far as my certifications are concerned and I need your help.  I am trying to decided between taking the GPEN or OSCP, which do you all think is better?  I am looking for the certification that will give me the most knowledge and be the most fun to complete.  Money is not a concern, so I'm just looking for a quick poll.  Personally, I would like to do both but I don't know if I can swing that.  Anyhow, please comment if you have either of these certs or both.

Thanks,
themadhatter

Update on what happened yesterday with this in case anyone would like to know.  There was a protest in multiple places around the world heres a link to a blog post about what happened:

http://www.bandergrove.com/?p=4

Check this link out http://www.renderlab.net/projects/wrt54g/kiswin.html

Let me know if it works because I have not had the chance to try it out myself yet.

Check this out http://www.partyvan.info/index.php/Project_Chanology

Yeah obviously I don't think it was a great idea to do the DOS and I don't know all the facts about Scientology I'm just interested to see if random people on the internet can actaully put something like this together without leaders and what not. 

HAHA yeah they might be looking for some now.  However from everything I looked up about Anonymous they seem to be done with the DOS and are moving on to other phases of their attack e.g. prank calls, IRL protests and other things.  I am very interested to see how this all plays out.  Obviously its not very ethical to DOS a website but I am interested to see if these people who all met online and have no leaders can actually have a successful protest and or be noticed.  I have never heard of anything like this before...  This site isn't working now but I'll post a link to their "plan" when I can later. 

I found this video on you tube:

http://www.youtube.com/watch?v=JCbKv9yiLiQ&eurl=http%3A%2F%2Fencyclopediadramatica%2Ecom%2FMain_Page

A hacking ground named "Anonymous" did a DDOS attack on Scientology's website and that video is a declaration of their attack.  I just wanted to know what you all think of this and if anyone knows about this group.  You can find some more info about them at the following link:

http://www.encyclopediadramatica.com/Anonymous

Edit:

I also found out that there is a world wide protest of Scientology on 2-10-08 and this group even made a set of rules for people that are going to protest:

http://www.youtube.com/watch?v=-063clxiB8I

This is all too weird...

If their using a private key to encrypt something all they are doing is verifying that the data came from them thus protecting the data's integrity much like a digital signature.  This is due to that fact that anyone with the public key, which is everyone since its public, can decrypt it.  This does not work and makes no sense at all if their trying to protect the confidentiality of the data in order to prevent people from playing the games or w/e. 

I could be thinking about what they are using the key for wrong but thats the way asymmetric cryptography works.  If you use your private key to decrypt something you'r not actaully hiding anything because anyone can decrypt it.  Thats all I'm trying to say.

You have the first part right but using the if I wanted to send you a message I would use your public key to encrypt it not my own private key.  If I use my own private key anyone in the world would be able to decrypt it via my public key.  On the other hand if I used the recipient of the message's public key to encrypt only the person with his private key can encrypt (which is hopefully them).

Go to http://en.wikipedia.org/wiki/Public-key_cryptography to brush up on your public key cryptography 


If this is true its the stupidest way of doing things ever.

Wouldn't the public key be used to encrypt things as opposed to decrypt?

Yeah theres nothing wrong with them raising the price, they are a business.  I was just surprised when I saw it went up that much in about a weeks time, plus they took away a lot of the option and things that you had to choose from. 

But w/e, I just passed my security+ so this is the next cert I'm looking to get.  I honestly can't wait.

I don't really know what I think about selling exploits since there are strong cases for and against it.  But I came across  a website a while back that you can literally bid on exploits basically like eBay.  Check out the link below:

http://www.wslabi.com

Like don said his example was not the first time something like this happened.  While the site seems to have ethical intentions this could potentially be dangerous.  All in all I don't think selling exploits to someone based on the fact that they say it will be used ethically is as simple as it sounds.  It seems to me that providing someone who has not verified their identity to you is not necessarily unethical but goes against common sense.