Book
Penetration testing for dummies / Robert Shimonski.
The go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
Record details
- ISBN: 9781119577485
- ISBN: 1119577489
- Physical Description: xii, 232 pages : illustrations ; 24 cm.
- Publisher: Hoboken, New Jersey : John Wiley & Sons, [2020]
Content descriptions
| General Note: | "Learning made easy"--Cover. Includes index. |
| Formatted Contents Note: | Getting started with Pen testing -- Understanding the different types of Pen testing -- Diving in: preparations and testing -- Creating a Pen test report -- The part of tens. |
Search for related items by subject
| Subject: | Penetration testing (Computer security) Computer networks > Access control. Testing > Data processing. |
Search for related items by series
Available copies
- 1 of 1 copy available at Missouri Evergreen.
- 1 of 1 copy available at Cass County. (Show)
Holds
- 1 current hold with 1 total copy.
Show Only Available Copies
| Location | Call Number / Copy Notes | Barcode | Shelving Location | Status | Due Date |
|---|---|---|---|---|---|
| Cass County Library-Northern Resource Center | 005.8 SHI 2020 (Text) | 0002205667849 | Adult Non-Fiction | Available | - |
Penetration Testing for Dummies
Click an element below to view details:
Table of Contents
Penetration Testing for Dummies
| Section | Section Description | Page Number |
|---|---|---|
| Introduction | p. 1 | |
| About This Book | p. 1 | |
| Foolish Assumptions | p. 2 | |
| Icons Used in This Book | p. 2 | |
| What You're Not to Read | p. 3 | |
| Where to Go from Here | p. 3 | |
| Part 1 | Getting Started with Pen Testing | p. 5 |
| Chapter 1 | Understanding the Role Pen Testers Play in Security | p. 7 |
| Looking at Pen Testing Roles | p. 8 | |
| Crowdsourced pen testers | p. 8 | |
| In-house security pro | p. 9 | |
| Security consultant | p. 10 | |
| Getting Certified | p. 10 | |
| Gaining the Basic Skills to Pen Test | p. 10 | |
| Basic networking | p. 12 | |
| General security technology | p. 14 | |
| Systems infrastructure and applications | p. 15 | |
| Mobile and cloud | p. 16 | |
| Introducing Cybercrime | p. 16 | |
| What You Need to Get Started | p. 18 | |
| Deciding How and When to Pen Test | p. 19 | |
| Taking Your First Steps | p. 21 | |
| Chapter 2 | An Overview Look at Pen Testing | p. 23 |
| The Goals of Pen Testing | p. 23 | |
| Protecting assets | p. 24 | |
| Identifying risk | p. 24 | |
| Finding vulnerabilities | p. 26 | |
| Scanning and assessing | p. 27 | |
| Securing operations | p. 28 | |
| Responding to incidents | p. 29 | |
| Scanning Maintenance | p. 31 | |
| Exclusions and ping sweeps | p. 31 | |
| Patching | p. 32 | |
| Antivirus and other technologies | p. 33 | |
| Compliance | p. 34 | |
| Hacker Agenda | p. 35 | |
| Hackivist | p. 36 | |
| Script kiddie to elite | p. 36 | |
| White hat | p. 36 | |
| Grey hat | p. 37 | |
| Black hat | p. 37 | |
| Doing Active Reconnaissance: How Hackers Gather Intelligence | p. 37 | |
| Chapter 3 | Gathering Your Tools | p. 39 |
| Considerations for Your Toolkit | p. 39 | |
| Nessus | p. 40 | |
| Wireshark | p. 43 | |
| Kali Linux | p. 46 | |
| Nmap | p. 49 | |
| Part 2 | Understanding the Different Types of Pen Testing | p. 51 |
| Chapter 4 | Penetrate and Exploit | p. 53 |
| Understanding Vectors and the Art of Hacking | p. 54 | |
| Examining Types of Penetration Attacks | p. 55 | |
| Social engineering | p. 55 | |
| Client-side and server-side attacks | p. 60 | |
| Password cracking | p. 62 | |
| Cryptology and Encryption | p. 63 | |
| SSL/TLS | p. 64 | |
| SSH | p. 64 | |
| IPsec | p. 65 | |
| Using Metasploit Framework and Pro | p. 65 | |
| Chapter 5 | Assumption (Man in the Middle) | p. 69 |
| Toolkit Fundamentals | p. 70 | |
| Burp Suite | p. 70 | |
| Wireshark | p. 72 | |
| Listening In to Collect Data | p. 74 | |
| Address spoofing | p. 74 | |
| Eavesdropping | p. 75 | |
| Packet capture and analysis | p. 77 | |
| Key loggers | p. 77 | |
| Card skimmers | p. 77 | |
| USB drives | p. 78 | |
| Chapter 6 | Overwhelm and Disrupt (DoS/DDoS) | p. 79 |
| Toolkit Fundamentals | p. 80 | |
| Kali | p. 80 | |
| Kali T50 Mixed Packet Injector tool | p. 83 | |
| Understanding Denial of Service (DoS) Attacks | p. 84 | |
| Buffer Overflow Attacks | p. 86 | |
| Fragmentation Attacks | p. 88 | |
| Smurf Attacks | p. 90 | |
| Tiny Packet Attacks | p. 91 | |
| Xmas Tree Attacks | p. 91 | |
| Chapter 7 | Destroy (Malware) | p. 93 |
| Toolkit Fundamentals | p. 94 | |
| Antivirus software and other tools | p. 94 | |
| Nessus | p. 94 | |
| Malware | p. 97 | |
| Ransomware | p. 99 | |
| Other Types of Destroy Attacks | p. 101 | |
| Chapter 8 | Subvert (Controls Bypass) | p. 103 |
| Toolkit Fundamentals | p. 103 | |
| Antivirus software and other tools | p. 104 | |
| Nmap | p. 104 | |
| Attack Vectors | p. 109 | |
| Phishing | p. 111 | |
| Spoofing | p. 111 | |
| Malware | p. 112 | |
| Using malware to find a way in | p. 112 | |
| Bypassing AV software | p. 113 | |
| Part 3 | Diving In: Preparations and Testing | p. 115 |
| Chapter 9 | Preparing for the Pen Test | p. 117 |
| Handling the Preliminary Logistics | p. 117 | |
| Holding an initial meeting | p. 118 | |
| Gaining permission | p. 120 | |
| Following change control | p. 121 | |
| Keeping backups | p. 121 | |
| Having documentation | p. 121 | |
| Gathering Requirements | p. 121 | |
| Reviewing past test results | p. 122 | |
| Consulting the risk register | p. 122 | |
| Coming Up with a Plan | p. 124 | |
| Selecting a projector scan type | p. 125 | |
| Selecting the tool(s) | p. 125 | |
| Having a Backout Plan | p. 127 | |
| Chapter 10 | Conducting a Penetration Test | p. 129 |
| Attack! | p. 130 | |
| Infiltration | p. 131 | |
| Penetration | p. 133 | |
| Exploitation | p. 134 | |
| APT | p. 135 | |
| Exfiltration (and success) | p. 135 | |
| Next steps | p. 135 | |
| Looking at the Pen Test from Inside | p. 136 | |
| Documenting Your Every Move | p. 136 | |
| Network mapping | p. 137 | |
| Updating the risk register | p. 138 | |
| Maintaining balance | p. 138 | |
| Other Capture Methods and Vectors | p. 139 | |
| Assessment | p. 139 | |
| Infiltrate | p. 140 | |
| Penetrate | p. 140 | |
| Exploit | p. 141 | |
| Exfiltrate | p. 141 | |
| Prevention | p. 142 | |
| Hardening | p. 142 | |
| Active monitoring | p. 143 | |
| Retesting | p. 143 | |
| Devising best practices from lessons learned | p. 143 | |
| Part 4 | Creating a Pen Test Report | p. 147 |
| Chapter 11 | Reporting | p. 149 |
| Structuring the Pen Test Report | p. 150 | |
| Executive Summary | p. 150 | |
| Tools, Methods, and Vectors | p. 152 | |
| Detailed findings | p. 153 | |
| Conclusion | p. 154 | |
| Recommendations | p. 155 | |
| Appendix/Appendices | p. 155 | |
| Creating a Professional and Accurate Report | p. 156 | |
| Be professional | p. 156 | |
| Stay focused | p. 156 | |
| Avoid false positives | p. 156 | |
| Classify your data | p. 157 | |
| Encourage staff awareness and training | p. 157 | |
| Delivering the Report: Report Out Fundamentals | p. 157 | |
| Updating the Risk Register | p. 158 | |
| Chapter 12 | Making Recommendations | p. 161 |
| Understanding Why Recommendations Are Necessary | p. 162 | |
| Seeing How Assessments Fit into Recommendations | p. 162 | |
| Networks | p. 165 | |
| General network hardening | p. 165 | |
| Network segmentation | p. 166 | |
| Internal network | p. 167 | |
| Wired/wireless | p. 168 | |
| External | p. 168 | |
| Systems | p. 168 | |
| Servers | p. 169 | |
| Client-side | p. 170 | |
| Infrastructure | p. 171 | |
| Mobile | p. 172 | |
| Cloud | p. 172 | |
| General Security Recommendations: All Systems | p. 173 | |
| Ports | p. 173 | |
| Unneeded services | p. 173 | |
| A patch schedule | p. 174 | |
| Firewalls | p. 174 | |
| AV software | p. 174 | |
| Sharing resources | p. 175 | |
| Encryption | p. 176 | |
| More Recommendations | p. 177 | |
| Segmentation and visualization | p. 177 | |
| Access control | p. 177 | |
| Backups | p. 178 | |
| Securing logs | p. 179 | |
| Awareness and social engineering | p. 179 | |
| Chapter 13 | Retesting | p. 181 |
| Looking at the Benefits of Retesting | p. 182 | |
| Understanding the Reiterative Nature of Pen Testing and Retesting | p. 183 | |
| Determining When to Retest | p. 184 | |
| Choosing What to Retest | p. 185 | |
| Consulting your documentation | p. 185 | |
| Reviewing the report | p. 187 | |
| Reviewing the risk register | p. 188 | |
| Running a Pen Retest | p. 189 | |
| Part 5 | The Part of Tens | p. 191 |
| Chapter 14 | Top Ten Myths About Pen Testing | p. 193 |
| All Forms of Ethical Hacking Are the Same | p. 194 | |
| We Can't Afford a Pen Tester | p. 194 | |
| We Can't Trust a Pen Tester | p. 195 | |
| We Don't Trust the Tools | p. 196 | |
| Pen Tests Are Not Done Often | p. 197 | |
| Pen Tests Are Only for Technical Systems | p. 198 | |
| Contractors Can't Make Great Pen Testers | p. 199 | |
| Pen Test Tool Kits Must Be Standardized | p. 199 | |
| Pen Testing Itself is a Myth and Unneeded | p. 200 | |
| Pen Testers Know Enough and Don't Need to Continue to Learn | p. 200 | |
| Chapter 15 | Ten Tips to Refine Your Pen Testing Skills | p. 201 |
| Continue Your Education | p. 201 | |
| Build Your Toolkit | p. 202 | |
| Think outside the Box | p. 203 | |
| Think Like a Hacker | p. 204 | |
| Get Involved | p. 204 | |
| Use a Lab | p. 205 | |
| Stay Informed | p. 207 | |
| Stay Ahead of New Technologies | p. 207 | |
| Build Your Reputation | p. 207 | |
| Learn about Physical Security | p. 208 | |
| Chapter 16 | Ten Sites to Learn More About Pen Testing | p. 209 |
| SANS Institute | p. 210 | |
| GIAC Certifications | p. 211 | |
| Software Engineering Institute | p. 211 | |
| (Assorted) Legal Penetration Sites | p. 212 | |
| Open Web Application Security Project | p. 212 | |
| Tenable | p. 213 | |
| Nmap | p. 214 | |
| Wireshark | p. 214 | |
| Dark Reading | p. 215 | |
| Offensive Security | p. 215 | |
| Index | p. 217 |
Descriptive content provided by Syndetics™, a ProQuest® service.
Click here for Terms of Use.
Click here for Terms of Use.
