The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. See the list here.
I think these guys nail the pros and cons of doing penetration testing work on the head.
The thing that has fascinated me about this group is their utter disregard for the consequences of their actions, especially as it relates to the average citizen. Add to that, their moral naivete, or as Dr. Gene Spafford, Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS) put it, “it is obvious that these individuals and groups are displaying a significant political and moral bias — or blindness — they are ignoring the worst human rights offenders and criminals on the planet. It seems they are after the ego-boosting publicity, and concerned only with themselves. The claims of exposing evil is intended to fool the naive.”
The revised second edition of Practical Packet Analysis (published by No Starch Press) teaches the reader, using Wireshark and 45 new scenarios, how to analyze packets in order to better understand network communication and troubleshoot network problems. In addition, readers learn how to:
- Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
- Build customized capture and display filters
- Monitor their network in real-time and tap live network communications
- Graph traffic patterns to visualize the data flowing across their network
- Use advanced Wireshark features to understand confusing captures
- Build statistics and reports to help them better explain technical network information to non-techies