Qualities of a good pentester

The following points describe the qualities of a good pentester. They should:

• Choose a suitable set of tests and tools that balance cost and benefits
• Follow suitable procedures with proper planning and documentation
• Establish the scope for each penetration test, such as objectives, limitations, and the justification of procedures
• Be ready to show how to exploit the vulnerabilities that they find
• State the potential risks and findings clearly in the final report and provide methods to mitigate the risk(s) if possible
• Keep themselves updated at all times because technology is advancing rapidly

A pentester tests the network using manual techniques or the relevant tools. There are lots of tools available on the market. Some of them are open source and some of them are highly expensive. With the help of programming, a programmer can make his/her own tools. By creating your own tools, you can clear your concepts and also perform more R&D. If you are interested in pentesting and want to make your own tools, then the Python programming language is the best, since extensive and freely available pentesting packages are available in Python, in addition to its ease of programming. This simplicity, along with the third-party libraries such as scapy and mechanize, reduces the code size. In Python, to make a program, you don't need to define big classes such as Java. It's more productive to write code in Python than in C, and high-level libraries are easily available for virtually any imaginable task.

If you know some programming in Python and are interested in pentesting, this book is perfect for you.