What goes into selecting a Web Pentesting consultant?
- OWASP Top 10 Concepts
- Decent Development Background and Coding Basics
- A Hacker's Way of Thinking
- Knowledgeable in UNIX/Linux
- Participated in Bug Bounty Programs (Added Bonus)
- Attended a security conference
- Has published exploits or disclosures in Exploit-DB, Packet Storm, or other Vulnerability Databases
- Security certification is also a plus
- Knowing how to code helps a pentester understand white-box logic
- Familiarity with the OWASP Top 10 helps in designing PoCs and provides the know-how of application vulnerabilities and attack vectors
- Bug bounties and disclosures prove a research-oriented bent of mind, showing the candidate to be an exceptional researcher and learner
- Knowledge of Linux is a must for handling PT distros such as BackTrack/Kali
- Certifications show the candidate is willing to invest time in learning concepts and building foundations. Security conference attendance shows a like-minded willingness to mingle with hackers and keep up to date with what is trending in the hacker world.
The above points can be taken as a sampling basis. A lot more goes into making oneself a great hacker and researcher!