Pentesting Skillset

I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a list of necessary skills for potential hires.

These are the skills I find necessary and want to promote in my own team. I’m curious whether this list matches what you would expect a penetration tester to know.

This list doesn’t focus on important things like the security mindset and other high-level skills like communication, organization, and discipline. It also stays away from specific technical (attack) tools and techniques. Its main goal is to establish a minimum understanding and capability baseline for a pentesting team.

  • General / Overall
    • Project Management – Start, maintain and complete a project
    • Toolkit and Exploit Management – Maintain a useful set of tools
    • Education – Stay up to date, learn new concepts (books, people, training)
    • Teaching – Explain new concepts, publish information
    • Research – Own a topic or research area
    • Bullshit Management – Ability to work in close quarters
  • Auditing
    • Law / Regulation Knowledge
      • HIPAA, FISMA, GLBA (high-level regulations)
      • ISO 17799 / ISO 27002 (IT security standards; 17799 was renumbered to 27002)
      • PCI DSS, COBIT (lower-level guidelines and control frameworks)
    • CISSP Domains
  • Writing
    • Technical writing ability
    • Ability to analyze & correlate information
    • Ability to reconstruct a narrative from technical information
  • Social / People Skills
    • Common Sense – Finding the quickest, easiest solution to a problem at hand
    • Social Engineering
  • Searching / Information Gathering
    • Research Skills
    • Google Hacking
    • Recon Techniques
    • Information Correlation
  • Attack Modeling
    • Risk and Threat Modeling
    • Attack Modeling
    • Security Mindset
    • System Decomposition
  • Web Application Skills
    • General Development and Testing
    • AJAX
    • Design Patterns (MVC) – e.g. Ruby on Rails
    • JavaScript Debugging – Venkman, Firebug
    • Web Services – REST, XML-RPC, SOAP, JSON
    • Web Specific Languages – ASP, PHP, JSP, ColdFusion
    • Web Frameworks and Platforms – ASP.NET, J2EE
    • Database Administration
    • SQL / Data Query
  • OS-Specific Skills
    • System Administration
    • OS Theory
      • System Architecture
      • System Security Models
      • Filesystems, Networking, I/O
      • Startup / Shutdown
      • Analysis (dump, debugging, memory, forensic)
      • Management + Maintenance
    • Windows
      • Active Directory
      • Exchange / OWA
      • SQL Server
    • Linux / BSD
      • Apache
      • MySQL
      • Sendmail / Postfix
    • Package Managers
    • OS X
    • AIX / Solaris / Unix
    • Kernel / Posix
    • System Programming
  • Networking
    • Networking Theory
    • Protocol Theory
    • Routing and Switching
      • Cisco & Juniper
    • Firewalls
    • Embedded Devices
  • VOIP / Voice Skills
    • PSTN experience
    • Routing + Signaling Protocols
  • Scripting Skills
    • Bash, etc.
    • Perl, Python, Ruby
    • PHP, ASP
    • Batch, VBScript, PowerShell
  • Hardware Hacking
    • Embedded Devices
    • Electronics Theory
    • Secure Design of a System
  • Wireless
    • WEP / WPA / WPA2
    • Packet Injection
    • Hardware / Driver knowledge
    • Basic Encryption
      • Symmetric ciphers
      • Asymmetric ciphers
    • 802.11
    • Antenna Theory
    • Mobile Networking
      • CDMA, GSM, Mesh Theory
  • Development
    • Coding
    • Regular Expressions
    • Development
      • Design Patterns
      • Development Methodology
    • Version Control
    • Database Design
    • Language
      • C / C++, Java
      • C# / .NET Framework
  • Vulnerability Development
    • Reverse Engineering
    • Buffer / Heap Overflows (explain + code + find)
    • Creative Thinking
    • Analytic Thinking
    • Coding / Debugging
    • Fuzzing
      • Testing Theory
      • File Fuzzing
      • Protocol Fuzzing
      • SPIKE, Peach, etc
  • Attack Analysis / Forensics
    • IDS / IPS experience
      • Snort / Commercial IDS
      • Honeypots
    • Forensics experience
    • Packet capture and analysis
      • packet dumps, BPF, flows, Wireshark
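The “Buffer / Heap Overflows (explain + code + find)” item is the one entry above that asks for code rather than knowledge, so here is an added example of what that baseline looks like in practice. It is not part of the original post. The `struct frame` layout is the example’s own assumption: the `canary` member stands in for whatever really sits past a stack buffer (saved frame pointer, return address), and `copy_unbounded`, `copy_bounded`, `overflow_bytes` and `bounded_copy_rc` are names chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_LEN 16

/* Constructed layout (an assumption of this example): canary follows buf in memory,
 * standing in for whatever really sits past a stack buffer (saved frame pointer,
 * return address). pad absorbs the copy's trailing NUL so the demo in main() stays
 * inside the struct. */
struct frame {
    char buf[BUF_LEN];
    unsigned int canary;
    char pad[16];
};

/* "code": the classic bug. strcpy writes strlen(src)+1 bytes and never sees BUF_LEN. */
void copy_unbounded(struct frame *f, const char *src)
{
    strcpy(f->buf, src);
}

/* The fix: measure before writing, leave room for the NUL, and fail closed.
 * Returns 0 on success, -1 if src does not fit. */
int copy_bounded(struct frame *f, const char *src)
{
    size_t n = strlen(src);
    if (n >= BUF_LEN)
        return -1;
    memcpy(f->buf, src, n + 1);
    return 0;
}

/* "find": the arithmetic a reviewer does at every fixed-size buffer. Returns how many
 * bytes past the end of a dest_len-byte buffer a NUL-terminated string of src_len
 * characters would write, or 0 if it fits. */
size_t overflow_bytes(size_t dest_len, size_t src_len)
{
    size_t needed = src_len + 1;   /* +1 for the terminating NUL */
    return needed > dest_len ? needed - dest_len : 0;
}

/* Runs the bounded copy on a fresh frame and reports its return code, so the
 * safe path can be exercised without touching a partially written frame. */
int bounded_copy_rc(const char *src)
{
    struct frame f;
    f.canary = 0xdeadbeef;
    return copy_bounded(&f, src);
}

int main(void)
{
    struct frame f;
    /* Constructed input: 16 'A's fill buf exactly; the 4 'B's (0x42) land on canary. */
    const char *attack = "AAAAAAAAAAAAAAAABBBB";

    f.canary = 0xdeadbeef;
    copy_unbounded(&f, attack);
    printf("unbounded: canary = 0x%08x (0x42424242 means \"BBBB\" overwrote it)\n", f.canary);

    f.canary = 0xdeadbeef;
    printf("bounded:   rc = %d, canary = 0x%08x\n", copy_bounded(&f, attack), f.canary);

    printf("a %zu-char string overflows a %d-byte buffer by %zu byte(s)\n",
           strlen(attack), BUF_LEN, overflow_bytes(BUF_LEN, strlen(attack)));
    return 0;
}
```

Build it with plain `cc -O0 overflow.c` to watch the canary change. With optimization and `_FORTIFY_SOURCE` enabled, glibc’s checked `strcpy` aborts before the canary is touched, which is itself a useful demonstration of the mitigation the “explain” half of that item should cover.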

8 Comments

  1. Tom says:

    Great list! I would add that it is very difficult for a single pentester to be an expert in all of these areas (at least I have yet to meet one!). Hence, one of the things that bothers me is when I see a pentest company send one person out to do a two week penetration test! How could one person be an expert in all of these areas? This is why you should have a diverse pentesting team with experts in most of the ‘major’ areas (Web app, OS-Specific, Networking, scripting/dev) you listed. Other skill sets like vuln development can easily be learned by someone with skills in scripting/development. In general, the more diverse and well rounded your team is the better. 🙂

  2. jcran says:

    Tom,

    Definitely, this was aimed as more of a wish-list for a team.

    It would be interesting to put together a maturity model for a pentesting team — what skills are absolutely (day-one) necessary for a generic pentest. I guess it depends on the network / idea of a “generic” pentest.

    Surely though, there should be some way to boil down to skills which are more essential:
    – networking
    – unix / linux
    – security mindset
    – scripting (debatable, but imo necessary…)

    and those that are secondary (again, depending on a lot of factors):
    – scripting++
    – networking++
    – unix-foo
    – web-app skillz

    etc.

    Again, all of this is debatable, and depends on the environment which needs testing.

    The goal is to make a list of where anyone interested should focus. The short answer seems to be any of these areas, though some are easier than others…

  3. Panarchy says:

    Thanks

    I’m going to print this out.

    And learn as many of the things from the list as I can.

    For pen-testing and white-hat hacking, this’ll be a good goal to set myself.

  4. Pingback: Quora
