Hello,

I'm looking to get started in the world of Penetration Testing with the aim to make it my career. The company I work for has indicated that it may be able to help out with training and finances as part of my development as they are looking to bring some pen testing in house but while this is being sorted I'd like to put myself in the best possible position.

I currently work as a manual tester and am mainly involved in testing UNIX server software and applet based GUI's. I have a good working knowledge of UNIX (currently use Solaris) and SQL as well as VB. I have also dabbled with Linux at home.

So far I've browsed the forums here as well as looking at the Offensive Security and Remote Exploit websites. I've downloaded and just started playing with BackTrack 2 as well as begun readig a book on pen testing (can't remember the title). I've also ordered a book on TCP/IP (TCP/IP: Jumpstart by Andrew Blank) as I've read a good knowledge of networking is fundamental.

Can you suggest anything else in terms of websites/books/free or cheap online courses that I can be looking at that will help my progress. Also, can you recommed the best certsto be looking at for when I get something sorted through my work.

Thanks in advance

Yes, welcome to this site!  I agree with KrisTeason, this is an excellent place to start and a lot of people here are quite knowledgeable and are willing to help out.

Two books I highly recommend to you are:  Hacking for Dummies and Hacking Exposed (pick your poison).

Again, welcome to the forum.   

This might seem like I am being sarcastic at first glance, but I am not at all. Perhaps the very first skill to learn in hacking is Google!  Seriously. If you really know how to use it beyond the norm, its amazing what you can find. Not only is there so much info available on how to hack, but you can locate a large amount of sensative data. So much so that Bill Gates had mentioned one time Google should be out lawed! You can even locate vulnerable servers to attack. 

This is a good site to spend some time on:

http://johnny.ihackstuff.com/forums/index.php?s=c80ca039aea9628881cf5b7f026f2f76

Not to get nitpicky, but I wouldn't want someone mislead.  SQL really has nothing to do with HTML.  SQL is a database technology (MS-SQL, MySQL, Postgresql, etc) and lives on the back end.  Data in SQL is accessed through programming languages such as PHP, Perl, Python, Ruby, etc.  HTML and SQL actually don't communicate at all.  Code can be embedded (server side includes) in HTML to poll SQL databases, but HTML has nothing in the markup language to work with databases.

Just wanted to clear that up.

thx Bigwhiff, that was exactly what i meant.lol. I almost thought i was on the wrong forum.  ;-)
Even HTML can be generated straight from the database. Dont forget all kinds of database-injection techniques and cross-site-scripting