What skills do I need to be a security tester?
Security testing is the buzz word these days, in almost all aspects of software testing. And that's for a good reason, too! Too many applications are being written with poor security, and too much personal information is being exposed across the Internet. I'm often asked what a tester needs in order to move into security testing. My initial answer is "good for you for even asking!" Not many testers give this much consideration to their career. Let's take a second and probe what skills one needs to be a good security tester.
The first aspects of a successful security tester are shared amongst all good testers: curiosity and a drive for perfection. If you find yourself wondering how something is made, asking how you might break it, and naming what's wrong with it, you are a member of a very elite group of professional testers! If you keep following these instincts, you have a distinguished career ahead of you. However, you still don't have everything it takes to succeed in security testing.
A great first step is to master the art of testing the OWASP top ten exploits. These exploits exist in most Web applications at the completion of the development cycle. They're 'low hanging fruit' and they're the vulnerabilities hackers are looking for when they're scanning for targets of opportunity (rather than targets of choice). Implementing Top Ten testing will result in a relatively secure application, much like locking doors and windows secure the home against the average intruder. Numerous companies are requiring their applications to be tested for Top Ten exploits, so developing an expertise in these areas will benefit you dramatically.
If you thought software testing in general was fun, just wait till you try security testing!