In a penetration test (often called pen testing), penetration testers, also known as ethical hackers, test the security of an IT system. This can be a computer network, a website, or a smartphone app, for example. The aim is to identify vulnerabilities in the system at an early stage so that it can then be protected against attackers.
Hacker vs. ethical hacker: what’s the difference?
Whether with good or bad intentions, as a hacker, you try to penetrate third-party IT systems, infrastructures, applications, or networks. To do this, you look for vulnerabilities in the source code that you can use as exploits, i.e. points of attack. It is quite normal for a bug to creep in here and there in thousands of lines of code, and as long as the functionality is not restricted, the programmers usually do not notice it. But you do, because you are explicitly looking for it.
The more you deal with the code, the clearer the programmer’s underlying concept becomes, and it is their system that you will now push to its limits. Once you have found a bug, you experiment with different inputs and try to get the program to produce unexpected results. If this works, then you have your exploit. Up to this point, all hackers proceed similarly. What they do with their findings ultimately determines which side they are on.
Black Hat Hackers
They are on the dark side of the force and exploit technical and human weaknesses to paralyze systems, change programs and, above all, steal data to enrich themselves. Since the 1980s, they have been scaring companies, institutions, organizations, and private individuals. For most hackers, the focus is on the power it allows them to exert over an organization.
Grey Hat Hackers
This is the name given to anyone who hunts for exploits in someone else’s system without being asked. Often they report vulnerabilities to the system owners, but sometimes their discoveries are enough for them as hunting trophies. Others fear punishment and leave the vulnerabilities open, but do not touch them further.
White Hat Hackers
They are dedicated to doing good. They usually organize themselves in relevant communities like the Chaos Computer Club or join associations like HackerOne on a global level to make the Internet a safer place. To do this, they are commissioned by companies and organizations to simulate cyberattacks.
What can you earn as a penetration tester?
First of all, let’s assume that you have a permanent position as a penetration tester in a company. Usually, you start your ethical hacker career with job titles like IT Security Engineer and IT Security Analyst and then continue your education. As an IT Security Analyst, you can expect a starting salary of between €44,400 and €50,200. Penetration testers and IT security engineers can expect a starting salary of between €47,300 and €55,300. Professionals get up to €70,000, seniors even more. As always, these are only approximate values that depend on factors such as company, industry, country, talent, and, last but not least, your experience in penetration testing. With our salary calculator, you can easily calculate your individual salary with the central salary factors.
Your earnings look different when you participate in bug bounties. In 2019, HackerOne paid out bonuses totaling $40 million for bounties and a total of $82 million to ethical hackers. Hackers exist in about 170 countries around the world, but the money made from bug bounties mostly goes in a few directions, primarily to hackers in the U.S. and Canada, followed by the UK, Germany, Singapore, and Russia. Maybe this has to do with the openness of nations towards bug bounties, but that doesn’t stop you from participating in an international project!
Where do you get this certification?
Hacking a company without its permission is basically illegal. So how do you learn it without a run-in with the police?
Ideally, the answer to this question would be quite clear: “You can study it at university”. Unfortunately, the answer is not so simple, because there are hardly any degree programs that focus on information security. There are, of course, the classic computer science degree programs that provide a good foundation, but those who want to focus mainly on information security often have to study online.
What exactly do you learn there?
In a course like this, you gain practical experience in various areas of information security. Of course, no two degree programs offer exactly the same content, so here’s a brief overview of what a certification program might contain:
Just like in traditional computer science courses, programming is an important part of the degree. Students learn how to program efficiently in different languages. You learn how to develop an analytical view while programming, so that you can find a solution afterwards with the right design patterns.
Windows and Linux servers
As a penetration tester, you come into contact with Windows and Linux environments the most. Therefore, it is important to be familiar with these environments in order to be able to execute targeted attacks. Here you will learn everything from user administration in the Windows Active Directory to the installation and configuration of Snort, an intrusion detection system, on Linux systems.
As a penetration tester, you work in the gray area of the law, so a good knowledge of the law is essential. If you don’t think about it, you will very quickly find yourself working illegally.
Web application testing
For several years now, developers have increasingly preferred web applications over standalone, operating-system-bound applications. This move to the web, of course, brings with it various security issues, especially if you make the application available on the Internet.
Cryptography, the science of encrypting information, is one of the most important topics in the security field. For ages, people have been trying to hide communication from unauthorized eyes. This is no different in computer science. Of course, you don’t want your banking information to end up in the hands of hackers either. In this subject, students are taught basic knowledge of modern encryption methods.
To practice penetration testing, the university has provided a lab environment. In this lab environment, there are vulnerable systems that students try to hack. The subject works like a game: for each hacked system, students can earn points by entering so-called “flags” (specific text) on a game platform. So students compete with each other to hack as many systems as possible. As a final module assignment, they produce a detailed penetration test report that lists and explains all vulnerabilities found.
Certified Ethical Hacker
At the end of the program, students get the chance to receive the “Certified Ethical Hacker” certificate from the EC-Council, an information security certificate that is recognized by the U.S. Department of Defense, among others.
Information security is a field that is experiencing a lot of growth right now. Compared to traditional computer science studies, there are very few institutions that offer information security as a full-time course of study. Slowly, however, the field is establishing itself. In the last couple of years, several new degree programs in information security have been founded, and the number will increase exponentially in the next few years.
The requirements for certified pentesters are very high. Getting there requires a high level of interest, intrinsic motivation, and initiative. If you like discovering security gaps and have fun doing it, you should take the path there.