Penetration testing for dummies / Robert Shimonski.
The go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
Record details
- ISBN: 9781119577485
- ISBN: 1119577489
- Physical Description: xii, 232 pages : illustrations ; 24 cm.
- Publisher: Hoboken, New Jersey : John Wiley & Sons, [2020]
Content descriptions
General Note: | "Learning made easy"--Cover. Includes index. |
Formatted Contents Note: | Getting started with Pen testing -- Understanding the different types of Pen testing -- Diving in: preparations and testing -- Creating a Pen test report -- The part of tens. |
Search for related items by subject
Subject: | Penetration testing (Computer security) Computer networks > Access control. Testing > Data processing. |
Search for related items by series
Available copies
- 1 of 1 copy available at Missouri Evergreen.
- 1 of 1 copy available at Cass County. (Show)
Holds
- 1 current hold with 1 total copy.
Show Only Available Copies
Location | Call Number / Copy Notes | Barcode | Shelving Location | Status | Due Date |
---|---|---|---|---|---|
Cass County Library-Northern Resource Center | 005.8 SHI 2020 (Text) | 0002205667849 | Adult Non-Fiction | Available | - |
Penetration Testing for Dummies
Click an element below to view details:
Table of Contents
Penetration Testing for Dummies
Section | Section Description | Page Number |
---|---|---|
Introduction | p. 1 | |
About This Book | p. 1 | |
Foolish Assumptions | p. 2 | |
Icons Used in This Book | p. 2 | |
What You're Not to Read | p. 3 | |
Where to Go from Here | p. 3 | |
Part 1 | Getting Started with Pen Testing | p. 5 |
Chapter 1 | Understanding the Role Pen Testers Play in Security | p. 7 |
Looking at Pen Testing Roles | p. 8 | |
Crowdsourced pen testers | p. 8 | |
In-house security pro | p. 9 | |
Security consultant | p. 10 | |
Getting Certified | p. 10 | |
Gaining the Basic Skills to Pen Test | p. 10 | |
Basic networking | p. 12 | |
General security technology | p. 14 | |
Systems infrastructure and applications | p. 15 | |
Mobile and cloud | p. 16 | |
Introducing Cybercrime | p. 16 | |
What You Need to Get Started | p. 18 | |
Deciding How and When to Pen Test | p. 19 | |
Taking Your First Steps | p. 21 | |
Chapter 2 | An Overview Look at Pen Testing | p. 23 |
The Goals of Pen Testing | p. 23 | |
Protecting assets | p. 24 | |
Identifying risk | p. 24 | |
Finding vulnerabilities | p. 26 | |
Scanning and assessing | p. 27 | |
Securing operations | p. 28 | |
Responding to incidents | p. 29 | |
Scanning Maintenance | p. 31 | |
Exclusions and ping sweeps | p. 31 | |
Patching | p. 32 | |
Antivirus and other technologies | p. 33 | |
Compliance | p. 34 | |
Hacker Agenda | p. 35 | |
Hackivist | p. 36 | |
Script kiddie to elite | p. 36 | |
White hat | p. 36 | |
Grey hat | p. 37 | |
Black hat | p. 37 | |
Doing Active Reconnaissance: How Hackers Gather Intelligence | p. 37 | |
Chapter 3 | Gathering Your Tools | p. 39 |
Considerations for Your Toolkit | p. 39 | |
Nessus | p. 40 | |
Wireshark | p. 43 | |
Kali Linux | p. 46 | |
Nmap | p. 49 | |
Part 2 | Understanding the Different Types of Pen Testing | p. 51 |
Chapter 4 | Penetrate and Exploit | p. 53 |
Understanding Vectors and the Art of Hacking | p. 54 | |
Examining Types of Penetration Attacks | p. 55 | |
Social engineering | p. 55 | |
Client-side and server-side attacks | p. 60 | |
Password cracking | p. 62 | |
Cryptology and Encryption | p. 63 | |
SSL/TLS | p. 64 | |
SSH | p. 64 | |
IPsec | p. 65 | |
Using Metasploit Framework and Pro | p. 65 | |
Chapter 5 | Assumption (Man in the Middle) | p. 69 |
Toolkit Fundamentals | p. 70 | |
Burp Suite | p. 70 | |
Wireshark | p. 72 | |
Listening In to Collect Data | p. 74 | |
Address spoofing | p. 74 | |
Eavesdropping | p. 75 | |
Packet capture and analysis | p. 77 | |
Key loggers | p. 77 | |
Card skimmers | p. 77 | |
USB drives | p. 78 | |
Chapter 6 | Overwhelm and Disrupt (DoS/DDoS) | p. 79 |
Toolkit Fundamentals | p. 80 | |
Kali | p. 80 | |
Kali T50 Mixed Packet Injector tool | p. 83 | |
Understanding Denial of Service (DoS) Attacks | p. 84 | |
Buffer Overflow Attacks | p. 86 | |
Fragmentation Attacks | p. 88 | |
Smurf Attacks | p. 90 | |
Tiny Packet Attacks | p. 91 | |
Xmas Tree Attacks | p. 91 | |
Chapter 7 | Destroy (Malware) | p. 93 |
Toolkit Fundamentals | p. 94 | |
Antivirus software and other tools | p. 94 | |
Nessus | p. 94 | |
Malware | p. 97 | |
Ransomware | p. 99 | |
Other Types of Destroy Attacks | p. 101 | |
Chapter 8 | Subvert (Controls Bypass) | p. 103 |
Toolkit Fundamentals | p. 103 | |
Antivirus software and other tools | p. 104 | |
Nmap | p. 104 | |
Attack Vectors | p. 109 | |
Phishing | p. 111 | |
Spoofing | p. 111 | |
Malware | p. 112 | |
Using malware to find a way in | p. 112 | |
Bypassing AV software | p. 113 | |
Part 3 | Diving In: Preparations and Testing | p. 115 |
Chapter 9 | Preparing for the Pen Test | p. 117 |
Handling the Preliminary Logistics | p. 117 | |
Holding an initial meeting | p. 118 | |
Gaining permission | p. 120 | |
Following change control | p. 121 | |
Keeping backups | p. 121 | |
Having documentation | p. 121 | |
Gathering Requirements | p. 121 | |
Reviewing past test results | p. 122 | |
Consulting the risk register | p. 122 | |
Coming Up with a Plan | p. 124 | |
Selecting a projector scan type | p. 125 | |
Selecting the tool(s) | p. 125 | |
Having a Backout Plan | p. 127 | |
Chapter 10 | Conducting a Penetration Test | p. 129 |
Attack! | p. 130 | |
Infiltration | p. 131 | |
Penetration | p. 133 | |
Exploitation | p. 134 | |
APT | p. 135 | |
Exfiltration (and success) | p. 135 | |
Next steps | p. 135 | |
Looking at the Pen Test from Inside | p. 136 | |
Documenting Your Every Move | p. 136 | |
Network mapping | p. 137 | |
Updating the risk register | p. 138 | |
Maintaining balance | p. 138 | |
Other Capture Methods and Vectors | p. 139 | |
Assessment | p. 139 | |
Infiltrate | p. 140 | |
Penetrate | p. 140 | |
Exploit | p. 141 | |
Exfiltrate | p. 141 | |
Prevention | p. 142 | |
Hardening | p. 142 | |
Active monitoring | p. 143 | |
Retesting | p. 143 | |
Devising best practices from lessons learned | p. 143 | |
Part 4 | Creating a Pen Test Report | p. 147 |
Chapter 11 | Reporting | p. 149 |
Structuring the Pen Test Report | p. 150 | |
Executive Summary | p. 150 | |
Tools, Methods, and Vectors | p. 152 | |
Detailed findings | p. 153 | |
Conclusion | p. 154 | |
Recommendations | p. 155 | |
Appendix/Appendices | p. 155 | |
Creating a Professional and Accurate Report | p. 156 | |
Be professional | p. 156 | |
Stay focused | p. 156 | |
Avoid false positives | p. 156 | |
Classify your data | p. 157 | |
Encourage staff awareness and training | p. 157 | |
Delivering the Report: Report Out Fundamentals | p. 157 | |
Updating the Risk Register | p. 158 | |
Chapter 12 | Making Recommendations | p. 161 |
Understanding Why Recommendations Are Necessary | p. 162 | |
Seeing How Assessments Fit into Recommendations | p. 162 | |
Networks | p. 165 | |
General network hardening | p. 165 | |
Network segmentation | p. 166 | |
Internal network | p. 167 | |
Wired/wireless | p. 168 | |
External | p. 168 | |
Systems | p. 168 | |
Servers | p. 169 | |
Client-side | p. 170 | |
Infrastructure | p. 171 | |
Mobile | p. 172 | |
Cloud | p. 172 | |
General Security Recommendations: All Systems | p. 173 | |
Ports | p. 173 | |
Unneeded services | p. 173 | |
A patch schedule | p. 174 | |
Firewalls | p. 174 | |
AV software | p. 174 | |
Sharing resources | p. 175 | |
Encryption | p. 176 | |
More Recommendations | p. 177 | |
Segmentation and visualization | p. 177 | |
Access control | p. 177 | |
Backups | p. 178 | |
Securing logs | p. 179 | |
Awareness and social engineering | p. 179 | |
Chapter 13 | Retesting | p. 181 |
Looking at the Benefits of Retesting | p. 182 | |
Understanding the Reiterative Nature of Pen Testing and Retesting | p. 183 | |
Determining When to Retest | p. 184 | |
Choosing What to Retest | p. 185 | |
Consulting your documentation | p. 185 | |
Reviewing the report | p. 187 | |
Reviewing the risk register | p. 188 | |
Running a Pen Retest | p. 189 | |
Part 5 | The Part of Tens | p. 191 |
Chapter 14 | Top Ten Myths About Pen Testing | p. 193 |
All Forms of Ethical Hacking Are the Same | p. 194 | |
We Can't Afford a Pen Tester | p. 194 | |
We Can't Trust a Pen Tester | p. 195 | |
We Don't Trust the Tools | p. 196 | |
Pen Tests Are Not Done Often | p. 197 | |
Pen Tests Are Only for Technical Systems | p. 198 | |
Contractors Can't Make Great Pen Testers | p. 199 | |
Pen Test Tool Kits Must Be Standardized | p. 199 | |
Pen Testing Itself is a Myth and Unneeded | p. 200 | |
Pen Testers Know Enough and Don't Need to Continue to Learn | p. 200 | |
Chapter 15 | Ten Tips to Refine Your Pen Testing Skills | p. 201 |
Continue Your Education | p. 201 | |
Build Your Toolkit | p. 202 | |
Think outside the Box | p. 203 | |
Think Like a Hacker | p. 204 | |
Get Involved | p. 204 | |
Use a Lab | p. 205 | |
Stay Informed | p. 207 | |
Stay Ahead of New Technologies | p. 207 | |
Build Your Reputation | p. 207 | |
Learn about Physical Security | p. 208 | |
Chapter 16 | Ten Sites to Learn More About Pen Testing | p. 209 |
SANS Institute | p. 210 | |
GIAC Certifications | p. 211 | |
Software Engineering Institute | p. 211 | |
(Assorted) Legal Penetration Sites | p. 212 | |
Open Web Application Security Project | p. 212 | |
Tenable | p. 213 | |
Nmap | p. 214 | |
Wireshark | p. 214 | |
Dark Reading | p. 215 | |
Offensive Security | p. 215 | |
Index | p. 217 |