I have been delivering pentesting courses to undergraduate and postgraduate students for several years, and have worked closely with professional pentesters and pentest brokers. The majority of students I teach will go into the CyberSecurity industry, obtaining employment as professionals within the sector for a wide range of well known (and not so well known) businesses and organisations.
This workshop is a necessarily short introduction to the work of a pentester. We will consider the legal requirements, the learning environments, the tools used, and then we will explore the basics of an actual pentest. We will reference the OWASP Top 10, but we will also look at the contents of a scoping document, and how to structure a pentest by selecting relevant ideas from a range of pentesting methodologies.