How To Learn Penetration Testing? (The Ultimate Guide!)

Penetration testing is a fun and lucrative field: on average, pen testers earn around $120,000 yearly. However, there’s a long road to walk until you can penetrate a system. Here’s how to learn penetration testing the easy way.

Learning the basics, practicing in simulated environments, and getting real-life experience is the best way to learn how to pen test. At the same time, joining CTF competitions and doing gamified hacking tutorials is a fun way to improve your pen testing skills.

Penetration testing isn’t easy to learn and isn’t something you’ll pick up in a day. Those who have what it takes can land interesting, challenging jobs and have a nice income to go along with it. Knowing the best way to learn pen testing will fast-track the learning process.

What’s the Best Way To Learn Pen Testing?

The best way to learn pen testing is to get real-world experience. Working an IT job while you learn about cybersecurity on the side will put you on a fast track to achieving your ethical hacking goals.

However, that’s not the only way. With the right tools, you can simulate different environments to practice against. Setting up defenses and then attacking them is also an efficient way of learning pen testing: you understand much better how to penetrate a system when you know how it was set up.

You can also follow a structured path, both free and paid. Websites like PortSwigger, TryHackMe, and PentesterLab offer a beginner-friendly way of learning penetration testing.

Who Can Become a Pen Tester?

Anyone patient enough to learn the basics and hardheaded enough to push through sticking points is a great candidate to become a pen tester. Of course, that’s far from the only thing you need, though it’s the perfect foundation to achieve this goal.

Penetration testing isn’t easy or simple. Even worse, it’s an ever-changing craft that keeps you on your toes. If you learn to hack today, most of what you know will be obsolete tomorrow (you can always use the fundamentals, though). Fortunately, that’s what makes it exciting!

Is pen testing for anyone? Hardly so. However, those who enjoy it will love doing it. It’d be a good idea to sit down and think about whether you want to go through the grueling process of learning how to hack. More importantly, you should figure out if you have the skills to learn (and stick with) penetration testing.

Skills Needed To Do Penetration Testing

  • Curiosity. Pen testing is for the curious minds alone: those who have the itch to learn new ways of doing things. Stagnation is the worst thing that could happen to someone in this field. In fact, after you learn the basics, most of your work will be about either applying the fundamentals or staying updated with the latest exploits.
  • Creativity. Sometimes, learning the latest reported exploits won’t help. You’ll have to figure out how to penetrate a system using creativity and cunning. Finding the weakest link in a system is the most efficient way to penetrate it, though you’ll seldom achieve that goal if you’re not creative enough.
  • Equanimity. Keeping your calm and composure during a penetration test is a must. You can’t lose yourself to desperation if you find no ins to a network. At the same time, patience is also a must when you’re learning to pen test: it’ll take a long time before you consider yourself good at it.
  • Tenacity. Determination goes hand in hand with being equanimous (which sounds like a big word but means to keep your composure during tough times). Whether your goal is to learn to pen test or penetrate a system, sticking to that goal (no matter how hard it gets) is a must.

Tips To Learn Penetration Testing Faster

  • Avoid the black hat route. Hackers can walk down different paths, including black hat, gray hat, and white hat paths. Black hat hackers are cybercriminals who penetrate systems without regard for people or laws, and doing so will get you in trouble. Gray hat hackers do the same with no malicious intentions, though good intentions don’t keep you out of jail. Wearing your white hat (working as a pen tester in legal scenarios) will allow you to use your hacking skills and have no trouble with anyone.
  • Make it before you break it. Penetration testing is about infiltrating a network, though that’s not the only thing you need to know. Learning how to build something from scratch (e.g., how to make a website) is a great way to understand where the vulnerabilities are (e.g., why XSS attacks work).
  • Set up a timeline. It’s worth repeating that pen testing takes a long time to learn. For that reason, it’d be better to set up a timeline. Dedicate a few months to learning the basics, practice in simulated and real environments, and look for an entry-level job after a while. Creating a timeline seems unnecessary – until you realize following a structure is an efficient way to learn, especially when there’s so much to know about.
  • Trust your tools. Pen testers deal mostly with tools and people. They hardly do any coding, though knowing how to code is a must. Using tools (like Burp Suite and ZAP) will help you automate your penetration process, making you a better pen tester.
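The “make it before you break it” point above is easiest to see with a few lines of your own. The following is an added example, not code from the article: a tiny page-rendering function written two ways. The sample names are constructed; the naive version drops user input straight into the markup, which is exactly why reflected XSS works, and the fixed version escapes the input first so the browser treats it as text rather than as a tag.

```python
import html

# Constructed sample inputs for the demo (not from the original article).
FRIENDLY_NAME = "Alice"
HOSTILE_NAME = "<script>alert('xss')</script>"


def render_greeting_unsafe(name: str) -> str:
    """Naive template: concatenates user input straight into the page.

    The browser cannot tell data from markup, so anything that looks like
    a tag in `name` is parsed as a tag. That is the root cause of XSS.
    """
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    """Same page, but the input is HTML-escaped before it reaches the markup.

    `<` becomes `&lt;`, `>` becomes `&gt;`, and quotes are escaped too, so the
    text is displayed verbatim instead of being interpreted as HTML.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def contains_tag(rendered: str, tag: str = "script") -> bool:
    """Crude output check a builder can run over a template's result:
    does a tag the template author never wrote appear in the page?"""
    return f"<{tag}" in rendered.lower()


if __name__ == "__main__":
    for renderer in (render_greeting_unsafe, render_greeting_safe):
        out = renderer(HOSTILE_NAME)
        print(f"{renderer.__name__}: {out!r} -> script tag present: {contains_tag(out)}")
```

Once you have written the unsafe version yourself, the defense stops being a checklist item: output encoding has to match the context the data lands in (HTML body, attribute, JavaScript, URL), and `html.escape` covers only the first two of those.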

9-Step Guide To Learn Penetration Testing

1. Start With the Basics

Penetration testing is about knowing everything about a system, so you can gain access to it (even if you don’t have permission). In other words, you need to have a foundation before you learn the fun stuff.

Before you dive into the world of pen testing, you need to know the basics of:

  • Coding. Learning a language or two is necessary, although you won’t do much coding yourself. Learning Python is the best way to get started if you know nothing about programming languages. However, learning JavaScript is great if you want to dedicate your career to web app penetration.
  • Linux. Most systems are set up on Linux, meaning you won’t get your foot in the door if you want to stick to Windows. Learning Bash is a must if you want anything to do with the IT world, especially anything pen-testing-related. Installing a basic Linux OS and playing with it is a great way to learn.
  • Networking. Do you know what the TCP/IP protocol is? What’s the difference between a client and a server? Can you explain how a router works? Unless you can answer all these questions (and some more) off the top of your head, you shouldn’t start learning how to do a pen test.
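To make the client-versus-server question concrete, here is an added example (not from the article) that plays both roles over the loopback interface in plain Python sockets. The server binds to 127.0.0.1 on an OS-chosen port, listens, and accepts one connection; the client connects to that port, sends a request, and reads the reply. The `PING`/`PONG` messages are constructed for the demo and stand in for any request/response protocol built on TCP.

```python
import socket
import threading


def serve_one(server_sock: socket.socket) -> None:
    """Server role: wait for a single connection, read one request, answer it."""
    conn, _addr = server_sock.accept()  # blocks until a client connects
    with conn:
        request = conn.recv(1024)
        conn.sendall(b"PONG " + request)


def start_server():
    """Bind to loopback on port 0 (OS picks a free port) and start listening.

    Returns the listening socket and the port that was assigned.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def ping_pong(message: bytes = b"PING") -> bytes:
    """Run one client/server exchange over TCP on loopback; return the reply.

    The server is the side that listens and accepts; the client is the side
    that initiates the connection. Both run here in one process so the
    example works offline.
    """
    srv, port = start_server()
    worker = threading.Thread(target=serve_one, args=(srv,))
    worker.start()
    try:
        # Client role: connect to the advertised port and talk to the server.
        with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
            client.sendall(message)
            return client.recv(1024)
    finally:
        worker.join(timeout=5)
        srv.close()


if __name__ == "__main__":
    print(ping_pong(b"PING"))  # the server echoes the request behind "PONG "
```

Swap the loopback address for a real host and you have the shape of every port-scanning, banner-grabbing, and web-testing tool you will later use: something listens, something connects, bytes go back and forth. Understanding which side does what is also what lets you read a firewall rule or a router’s NAT table with confidence.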

2. Set Up Your Pen Testing Lab

Have you learned how to use Linux? Great! However, we have the perfect opportunity for you to learn if you haven’t yet. Most penetration testing tools run on Linux, so you’ll need an adequate OS to use them.

A quick Google search will show you Kali Linux is the go-to distro (“distro” is short for Linux distribution, a way of referring to a Linux-based OS) for pen testers. You also have other alternatives, such as BackBox, BlackArch, and Parrot OS.

These distros come loaded with countless tools you can use to do penetration testing (though you won’t know how to yet). However, if you don’t know the first thing about using Linux, we recommend starting with beginner-friendly distros, such as Ubuntu or Linux Mint.

3. Read a Lot of Theory

You have the tools for the job – but hardly know anything about the job! For that reason, reading a lot of material is a must.

The easiest way to learn is to do courses. We’d recommend starting with basic SysAdmin courses, then moving to penetration testing. Remember, you have to learn how something works before you can look for vulnerabilities.

There’s no right way to learn: you can read books, watch videos, or do courses. If you don’t know where to start, check the first step and research the questions laid out under Networking.

4. Practice With CTF and Web Games

Capture The Flag simulates what hacking feels like, though it’s not the same as the real thing. However, it’ll help you develop the creative and curious mindset necessary to become a great pen tester.

You’ll also find tons of online web games that simulate the pen testing experience. Although this step is far from mandatory, it’s a great way to have fun and learn in a more relaxed way.

Great CTFs and hacking web games:

  • OverTheWire
  • SmashTheStack
  • HackTheBox

5. Dip Your Toes in the Bug Bounty Experience

A bug bounty hunter will look for vulnerabilities in websites and software to report them to their developers. It’s an interesting way to make money as an ethical hacker. You should research this path when you think you know enough.

If you need motivation: the average bug bounty hunter can earn thousands of dollars.

However, it’ll be a humbling experience: you’ll soon realize it’s difficult to look for bugs, especially when you don’t know where to start. Most books, courses, and tutorials will hold your hand – but that’s not how the real world works.

You should get certified if you still love penetration testing.

6. Go Back To Learning and Get Certified

You need to bulk up your resume to land a penetration testing job. To do so, you need to get certifications. Doing so will take you to the next level, helping you join the workforce, so you can truly understand how penetration testing works.

The best pen testing certifications are:

  • PenTest+ (CompTIA)
  • OSCP (Offensive Security)
  • SEC504, SEC542, SEC560, and SEC660 (SANS)

After getting one or a few certs, revisit old CTFs you couldn’t hack or games you couldn’t finish. You can also set up different environments and attack them (it’s like playing chess against yourself, which is a great way to practice).

A small caveat about certifications: these are not cheap at all, and the best move would be to do the most affordable certifications, then get hired by a company willing to pay for the most expensive ones.

7. Get an Entry-level IT Job

At this point, you can call yourself a penetration tester. However, that doesn’t mean you’ve reached the ceiling. You’re on the ground floor, so taking an entry-level position and climbing the corporate ladder from there is a realistic plan.

Most ethical hackers start their career working a help desk job. It’s not the glamorous hacking lifestyle most dream about when they think about penetration testing – but it’s the best way to work close to real systems, people, and networks.

Think about your resume before you disregard this step. You have to get experience before landing the penetration tester job you want, and an entry-level position is a sound way to do so.

8. Become an Experienced Pen Tester

Learning penetration testing is half the job – now you have to prove yourself. Getting experience to become a better hacker is the next step.

You have two ways to make that happen: climb up the corporate ladder after landing your first IT job or find ways to work on the side.

Putting the work in and asking for a promotion is a good way to work the first option. Looking for better positions on job boards is also a great way to fast-track your pen testing career.

Working on the side will also help you improve (and could become a career too). You can start your own cybersecurity business, become a freelance penetration tester, or go back to doing bug bounty.

9. Stay Up to Date With the Latest Exploits

It’s impossible to have a career in penetration testing unless you’re willing to continue learning. Regularly visiting places like HackerNews and cybersecurity-related subreddits is a great way to stay updated. Following security engineers, hackers, and bug bounty hunters on Twitter is great too.

People find new vulnerabilities in software and websites all the time. In fact, this decade started with an all-time zero-day vulnerability record – something that every pen tester should keep an eye on!

At the same time, a curious mindset is a must to continue enjoying pen testing. Half the fun is learning ways to compromise (and later improve) a system.

Conclusion

The best way to become a pen tester is to learn the basics, join games and competitions, and get real-life experience. Getting certifications and staying up to date with the latest exploits is also a must to keep your edge in penetration testing. Doing bug bounty on the side will help you better your skills.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.