EH-Net
Author Topic: Freelance Pentester  (Read 4382 times)
luckynine
Newbie
Posts: 2
« on: May 26, 2012, 11:06:47 PM »

Hi folks,

I am new to this forum and glad to see so much helpful advice on a hacker career.

My situation is that I have been working in the field of web application development for many years and now work as a senior manager.  In the area of web security, my knowledge is mostly about how to avoid XSS, SQL injection, some rule settings in network devices, working with external pentesters, Windows hardening, etc.  That's a basic understanding from a developer's point of view.

To gradually change my path to security, I wonder if a practical first step could be getting certified and trying to work as a freelance pentester.  I am happy with low-paid part-time jobs.  I just want to know if this is a typical starting point.

Thanks in advance for any advice.

LN
MaXe
Hero Member
Posts: 669
I've just upgraded myself to a cyborg muahahaa!!1
« Reply #1 on: May 27, 2012, 02:54:59 AM »

I have a few suggestions for resources you may find useful. (Keep in mind none of them are necessary to become a web app pentester, but they add a lot to your image.)

Books:
The Web Applications Hacker's Handbook 2nd Edition

Courses to check out:
SANS SEC542
Advanced Web Attacks (Offensive Security)

Certifications:
GWAPT (GIAC Web Application Penetration Tester)
OSWE (Offensive Security Web Expert)

Jobs:
This is a bit more difficult, but projects such as Hatforce could be a start.

Research:
Do your own research in this field and release advisories, whitepapers, etc., to brand yourself in a positive way.

I'm an InterN0T'er
millwalll
Guest
« Reply #2 on: May 27, 2012, 03:50:54 AM »

Some great advice from MaXe. The Web Applications Hacker's Handbook is IMO the best book on web application testing; they also have labs where you can practice too.

You also have the eLearnSecurity course, which will be a lot cheaper than SANS, but because of your background it may not be the sort of course you need; still, it is worth looking into.

Also, Offensive Security have a web course, but this is mainly done on site at places like DEF CON and so on; again, it may be worth looking into.

Another tip might be to produce some vulnerable apps of your own, like a live CD. This will not only get your name into the industry but also allow others to attack it, and they might be able to find issues you were not expecting; then you can learn how they found those issues.
3xban
Hero Member
Posts: 605
« Reply #3 on: May 27, 2012, 09:11:28 AM »

As for freelancing, maybe don't quit your day job, but if you have some friends and family that have small shops and maybe can't afford a full-time tester, you can always offer them a service for a low cost just to get your feet wet.  At least start out with vulnerability testing and gradually move up into pen testing.  After all, many places are afraid to let a tester go full bore on their app or website.  Find the vulns, recommend fixing them, and learn how to exploit them along the way.  Eventually you will pick it up.  I learned a lot just going through a large external vulnerability assessment that did some minor testing.  But it made me have to research a good deal to determine the best methods to fix the holes.  It was kind of crappy that the testers didn't actually put in detailed methods of fixing the vulnerabilities.  They just sort of listed the CVE and maybe a link to the fix, but nothing customized.  I think the company got ripped off.  It looked much like a canned report from an automated tool.

But I digress.

Certs: GCWN
(@)Dewser
luckynine
Newbie
Posts: 2
« Reply #4 on: May 27, 2012, 10:01:35 AM »

Thanks for the great advice.  It's very helpful.  I will do some more studying on those.