|
|
|
|
|
|
by lowpro
2951 days ago
|
|
|
I'm still an intern in the industry but have worked for a few places, you normally start by poking around/recon, look at where things get complicated and where systems are connected because those are often the breaking points. During recon, if you can find what tech is being used you can see if it's outdated at all or where vulnerabilities were found in the past. If you're doing penetration testing/vulnerability assessment you're not inventing new exploits, just using what's already out there and tweaking it. Research on new exploits is more rare as a job I think. See [0] for the steps of pentesting and OWASP [1] for everything regarding security. [0] https://www.cybrary.it/2015/05/summarizing-the-five-phases-o... [1] https://www.owasp.org/index.php/Main_Page Also there is a big security community on twitter where you can see researchers tweet about a lot of the stuff they're working on right now. |
|
|