I try to put up a new poll on Right Hand Column every month, and the time is at hand. The responses in the forums to the last poll on advancing your careers was great. As always the members came through with awesome advice. So I thought maybe I would go to you for advice on the next poll. Anything you would like to ask our readers?

Remember, this is not a forum poll, so non-members can vote.

Thanks for your suggestions,
Don

Thanks oleDB.

Anyone else have ideas or do you all think I should go with one of oleDB's suggestions?

Don

In the military of course 

Wow... seems like a lot of you are interested in certs. Here are my initial thoughts on cert polls:

1. If specific certs are to be part of a poll, we would like to keep them limited to certs that are relevant to EH-Net. To see certs related to pen testing, forensics and incident response click HERE. For other security certs, all of you can help build the community at our sister site, Certified Security Professional (CSP) Magazine. This site is more dedicated to certs than this one.

2. I know this site is named the Ethical Hacker Network, and there is a cert named Certified Ethical Hacker, but that does not mean that this site should be dedicated to certs. In fact, most of the articles and forum topics are non-cert related. Or is it that you agree and are just curious this month on how people feel about other security related certs?

Based on the results of the last poll, certs and practical experience are tops on the list by far. Hopefully all of you feel the same as I do that we have struck a pretty good balance of general knowledge, experience and certifications on the site.

But, this is a community driven site, and if it's cert polls you want, cert polls you shall have.

Let me read a few more responses, and we'll make a decision on a poll.

Thanks and as always, I know I can count on your feedback,
Don

I agree that ideally the poll should not be cert-related if possible.

I really like Negrita's number two idea about the programming/scripting requirements for a security professional.
I would very much like to see the results of such a poll!

If we are doing that, it would be great to see more articles or tutorials on this topic as well.

No problems Don. Could you please add Assembly language too, or is it too late? I see people have started to vote already. I have a good reason for adding it - I'll tell you why in a PM, so as not to bias the voting.

Wow judging by the early results, I think people misunderstand what the role of a pen tester is. I will wait till the final results are in though to post why I believe web based languages like Java/Javascript/PHP/ActiveX are most important. Jezz I almost even think SQL, used in SQL injection attacks would be more important then C/C++

Hardly any pen testers write their own exploits. I would say only 20% actually code exploits. Not to be confused with writing scripts that automate pen testing functions. IMO, its more important to know the code that is being exploited. Not the code your using to exploit. For malware analysis and code review C/C++ would be important, but that is not a pen testing function. There may be some overlap, but in order of importance, as a pentester your are looking for ways to get into their network. Knowing how to find bugs in web based code is way more critical then knowing how to write an exploit in C++. Really, with out being able to analyze the Java/PHP code, knowing how to write in C++ is useless with out the bug to begin with. I would also venture to say that more and more, I'm see less exploits in C++, and more in Perl and PHP. Eitherway I think I've made my point. Knowing C++ while valuable, is not necessarily the way your going to get into someones network. In almost all cases its not. Most pentesters, are infact a form of script kiddy. And thats not in a derogatory way. They aren't writing the exploits they are using them on vulnerabilities they have found.