Penetration Tester's Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the student for each situation.
This edition offers instruction on how and in which situations the penetration tester can best use them. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that cover a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetration testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks and updates on Metasploit and Backtrack.
This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.
Reviews / Testimonials
"For people looking to become pen-testers, this is an excellent first step. For anyone simply curious about what pen-testing involves and who wants to try some of the techniques for themselves, it may be all you need." --Network Security, December 1 2011
"This book is relevant for a community of hackers (in the positive sense hopefully) or technical auditors. The author, Jeremy Faircloth, is a Sr. Manager/Solutions Architect for Best Buy where, with his team, he architects and maintains enterprise-wide client/server and Web-based technologies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals. He is an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications and project management. The author is also co-author to several technical books covering a variety of topics. The author presents in this book a kind of toolbox that can help to test systems' resiliency to penetration actions and thus revealing any exploitable vulnerabilities. The elements presented in this book should enable the design of a penetration tests laboratory." --Computers and Security
"Readers would find a rich collection of tools here.... Those with a background in this area would find the collection of tool usage and reviews helpful and would benefit from this as a resource." --BCS.org
"Jeremy Faircloth continues to write about computer and network security in ways that help the InfoSec community. In Penetration Tester's Open Source Toolkit, Third Edition he combines his sharp insight into a wide variety of technologies, diverse penetration testing approaches and several penetration testing tools (then showcases these tools in action in the case study in each chapter) so the student of penetration testing can go out and get it done. This is just the kind of writing we should be expecting from our front runners in IT to be doing to support our Enterprise." --Tim Hoffman, President, Alida Connection
"All in all Penetration Tester's Open Source Toolkit is a good read. Clear, concise and made me want to put to work the knowledge I had learnt at the end of each chapter so that I could say, yes I do understand how that works and how to use it in future tests." --review on Hakin9.org
"Intended for new and experienced penetration testers as well as database administrators, system architects, and others involved in security design, this guide to open source tools provides detailed practical information on freely available applications for security testing. Beginning with an overview of general tools, the work covers reconnaissance and scanning, client side attacks, database hacking, web and web application vulnerabilities, wireless penetration and building customized testing and penetration 'labs.' The volume includes numerous screenshots, illustrations, and code examples as well as information on where to collect the open source applications discussed in the work." --SciTech Book News
Target audience
For secondary school and higher education
Beginner to intermediate penetration testers as well as security analysts/consultants and sys. admins
Illustrations
Approx. 170 illustrations
Dimensions
Height: 235 mm
Width: 191 mm
ISBN-13
978-1-59749-627-8 (9781597496278)
Jeremy Faircloth (CISSP, Security+, CCNA, MCSE, MCP+I, A+) is an IT practitioner with a background in a wide variety of technologies as well as experience managing technical teams at multiple Fortune 50 companies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge. Described as a "Renaissance man of IT" with over 20 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications, and project management. Jeremy is also an author who has contributed to over a dozen technical books covering a variety of topics and teaches courses on many of those topics.
Author
(Security+, CCNA, MCSE, MCP+I, A+), Senior Principal IT Technologist, Medtronic, Inc.
Introduction
Chapter 1. Tools of the Trade
Chapter 2. Reconnaissance
Chapter 3. Scanning and Enumeration
Chapter 4. Client-side Attacks and Human Weaknesses
Chapter 5. Hacking Database Services
Chapter 6. Web Server and Web Application Testing
Chapter 7. Network Devices
Chapter 8. Enterprise Application Testing
Chapter 9. Wireless Penetration Testing
Chapter 10. Building Penetration Test Labs