What is a Pentester?


Browsing the internet, I saw some hackers saying that they work or have worked as pentesters, and I would like to understand more about this profession. Is there any difference between a pentester, a hacker and a programmer / software engineer?

  • In a nutshell, it's those who look for loopholes and security holes, and "hacker", a term used informally and sometimes wrongly, could be an example of this: in the case where a person with the ability/knowledge to break in uses that knowledge to improve the security of software and networks, basically that would be the so-called pentester, the "good" "hacker" (more or less). But of course there are tools, knowledge, experience, sectors, software, and nothing is very specific, so much so that it is no use having knowledge of environment X and hoping to be able to look for gaps in environment Y or Z.

  • @Guilhermenascimento There is a difference between a "good hacker" and a pentester.

  • @Cypherpotato there is a very wrong way of using the term hacker, as I said at the beginning, but if I go head-on against people (not the ones here in the posts, but as a whole, mainly the "millennials" and co.) a discussion will start that does not fit here. There are many people who put a tuxedo (black tie) on a duck and think something has changed. A lay user is capable of leaving his password saved in "remember", another one manages to copy it, and there they already call it a "hacker";

  • @Cypherpotato you created the tag [tag:hacking]; do you intend to contextualize it with a wiki?

  • I'll start with a fragment, @Guilhermenascimento.

  • @Guilhermenascimento are hackers no longer good? Why keep talking about "good" all the time if the ones who do bad are the crackers?

  • @Jeanextreme002 Both are different from each other.

  • @Jeanextreme002 Is gravity good or is it evil? If you stand still, will it hurt you? If you jump off a mountain, will it hurt you? Maybe it's not the best "metaphor". But I'll leave the conversation aside, because when it comes to "market terms" I'm not the best person to talk to.... PS: just for the record, "hacker" and "good" are in quotes, so I didn't exactly say "hacker", much less exactly "good".

  • @Jeanextreme002 cited this discussion in chat: https://chat.stackexchange.com/transcript/message/53373807#53373807


1 answer

Yes, there is a difference between the four professions, and answering your question:

Pentester

Also known as penetration tester or intrusion evaluator. As the name already says, a pentester is responsible for mapping all possible vulnerabilities when it comes to trespassing. Hacking would be any unwanted access, whether done by a hacker or even by a client. The pentester should analyze all possible ways of malicious input into a system and map out these vulnerabilities so that they can be corrected.

An intrusion test assesses whether a system is capable of receiving attacks or cyber attacks. Unlike the hacker, the pentester is focused solely on breaking into systems. Not limited to one type of system or platform, such as authentication and databases, but any other malicious access as well.

Ethical hacker

Hackers are responsible for a wide area of system denial. An ethical hacker is also a pentester, but the role involves other responsibilities: an ethical hacker (when hired) maps all the possible vulnerabilities of a system so that it cannot be hacked by other hackers.

Hacking techniques are a subject that belongs to hackers. But "hacking" is not just that.

An unethical hacker does his own hacking, takes advantage of the system and gains access to it. An ethical hacker does the hacking but does not take advantage of it. He is often hired directly to test the system. Others do it with good intentions. CVE authors are considered ethical hackers.

Software Engineer

He is not always a programmer. In this matter, he is responsible for requesting the assessments made by the pentesters/hackers. He is responsible for applying the vulnerability correction, which is then passed on to the programmer/developer to explicitly implement that correction.

Software engineers are also responsible for the structured construction of the software that will later be attacked.

Programmer

I won't define what a programmer is, but in this matter, he is responsible for implementing the demands coming from the software engineer. It is the software developer who will implement such fixes.


In practice, there are people who are all four in one. There are more divided teams where each function is separated. Normally large systems have these four roles filled, but I can't guarantee that.

  • While we're on the subject, could you tell me whether or not it's illegal to hack into a system without authorization to find a flaw and report the problem to the owner?

  • @Jeanextreme002 it is and it isn't. Often hackers who discover vulnerabilities first try to sell them anonymously, and if the company refuses, they may sell to other interested companies or other hackers. Everything works anonymously; some earn their living from it. Some companies publish their already-fixed vulnerabilities as CVEs.

  • @Jeanextreme002 illegal where? It depends. In Brazil, if you have circumvented the mechanism and obtained some information from it, yes, it is illegal: https://pt.wikipedia.org/wiki/Lei_Carolina_Dieckmann - PS: I understand that this question is out of scope, because it is a question about the market and not about programming (just as relevant as asking whether it is better to buy an Aeron chair, a New Ergon or a generic 300-real one - an important difference for the programmer, but also out of scope), but as my vote is binding as a moderator, I prefer that the community cast the first votes.
