Junior Penetration Tester Interview



Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Sep 27, 2010 1:56 pm

Junior Penetration Tester Interview

Ok, what level of knowledge would you guys say is necessary for a Junior Penetration Tester to have? What type of questions should he be able to answer?


Hero Member

Posts: 1718

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Sep 27, 2010 3:45 pm

Re: Junior Penetration Tester Interview

This is a short list, off the top of my head, and I'm sure others will add, or comment, but...  Remember, assuming Junior, and that others are willing and able to work with the 'Junior' person to mentor them, that this list means to 'at a minimum, understand basics of'.

Personally, I'd expect them to understand concepts and things like:

-Privacy and regulatory laws
-Knowledge / acceptance / admission of what they do and don't know (in the event they're working in a team atmosphere) 

They should, at a minimum, understand fundamentals (even if not knowing exactly 'how-to') of:

-What a buffer-overflow is and how the stack works
-What privilege escalation is
-The OSI layer (at least a good overview, at a minimum)
-How network protocols work
-IP addressing fundamentals
-Types of web-based attacks (even if not knowing HOW TO, such as SQL injection, authentication bypass, CGI / PERL exploitation, etc.)
-Understand what types of encryption / obfuscation exist, and their uses (even if not completely understanding their inner workings.)
-Minimum basic understanding of routing and switching

IMHO, they should also be at least somewhat comfortable with some sort of scripting language (whether DOS batch scripting, Windows PowerShell, *nix BASH, etc.) and not be 'afraid' of a command-line.

Those are starter items, and by all means, not all-inclusive.  I'm sure, as I sit and think, others will come to mind, but since this is a forum, I'm sure other folks will chime in, too.  ;D
~ hayabusa ~ 

"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'

OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)
