Atnaujinkite slapukų nuostatas

Penetration Testing For Dummies [Minkštas viršelis]

3.33/5 (8 ratings by Goodreads)
  • Formatas: Paperback / softback, 256 pages, aukštis x plotis x storis: 234x185x15 mm, weight: 340 g
  • Išleidimo metai: 03-Jul-2020
  • Leidėjas: For Dummies
  • ISBN-10: 1119577489
  • ISBN-13: 9781119577485
Kitos knygos pagal šią temą:
Penetration Testing For DummiesDidesnis paveikslėlis
  • Formatas: Paperback / softback, 256 pages, aukštis x plotis x storis: 234x185x15 mm, weight: 340 g
  • Išleidimo metai: 03-Jul-2020
  • Leidėjas: For Dummies
  • ISBN-10: 1119577489
  • ISBN-13: 9781119577485
Kitos knygos pagal šią temą:
Pastovi nuoroda: https://www.kriso.lt/db/9781119577485.html
Raktažodžiai:

Target, test, analyze, and report on security vulnerabilities with pen testing

Pen Testing is necessary for companies looking to target, test, analyze, and patch the security vulnerabilities from hackers attempting to break into and compromise their organizations data. It takes a person with hacking skills to look for the weaknesses that make an organization susceptible to hacking. 

Pen Testing For Dummies aims to equip IT enthusiasts at various levels with the basic knowledge of pen testing. It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.

  • The different phases of a pen test from pre-engagement to completion
  • Threat modeling and understanding risk
  • When to apply vulnerability management vs penetration testing
  • Ways to keep your pen testing skills sharp, relevant, and at the top of the game

 

Get ready to gather intelligence, discover the steps for mapping out tests, and analyze and report results!

Introduction 1(1)
About This Book 1(1)
Foolish Assumptions 2(1)
Icons Used in This Book 2(1)
What You're Not to Read 3(1)
Where to Go from Here 3(2)
PART 1 GETTING STARTED WITH PEN TESTING
5(46)
Chapter 1 Understanding the Role Pen Testers Play in Security
7(16)
Looking at Pen Testing Roles
8(2)
Crowdsourced pen testers
8(1)
In-house security pro
9(1)
Security consultant
10(1)
Getting Certified
10(1)
Gaining the Basic Skills to Pen Test
10(6)
Basic networking
12(2)
General security technology
14(1)
Systems infrastructure and applications
15(1)
Mobile and cloud
16(1)
Introducing Cybercrime
16(2)
What You Need to Get Started
18(1)
Deciding How and When to Pen Test
19(2)
Taking Your First Steps
21(2)
Chapter 2 An Overview Look at Pen Testing
23(16)
The Goals of Pen Testing
23(8)
Protecting assets
24(1)
Identifying risk
24(2)
Finding vulnerabilities
26(1)
Scanning and assessing
27(1)
Securing operations
28(1)
Responding to incidents
29(2)
Scanning Maintenance
31(4)
Exclusions and ping sweeps
31(1)
Patching
32(1)
Antivirus and other technologies
33(1)
Compliance
34(1)
Hacker Agenda
35(2)
Hackivist
36(1)
Script kiddie to elite
36(1)
White hat
36(1)
Grey hat
37(1)
Black hat
37(1)
Doing Active Reconnaissance: How Hackers Gather Intelligence
37(2)
Chapter 3 Gathering Your Tools
39(12)
Considerations for Your Toolkit
39(1)
Nessus
40(3)
Wireshark
43(3)
Kali Linux
46(3)
Nmap
49(2)
PART 2 UNDERSTANDING THE DIFFERENT TYPES OF PEN TESTING
51(64)
Chapter 4 Penetrate and Exploit
53(16)
Understanding Vectors and the Art of Hacking
54(1)
Examining Types of Penetration Attacks
55(8)
Social engineering
55(5)
Client-side and server-side attacks
60(2)
Password cracking
62(1)
Cryptology and Encryption
63(2)
SSL/TLS
64(1)
SSH
64(1)
IPsec
65(1)
Using Metasploit Framework and Pro
65(4)
Chapter 5 Assumption (Man in the Middle)
69(10)
Toolkit Fundamentals
70(4)
Burp Suite
70(2)
Wireshark
72(2)
Listening In to Collect Data
74(5)
Address spoofing
74(1)
Eavesdropping
75(2)
Packet capture and analysis
77(1)
Key loggers
77(1)
Card skimmers
77(1)
USB drives
78(1)
Chapter 6 Overwhelm and Disrupt (DoS/DDoS)
79(14)
Toolkit Fundamentals
80(4)
Kali
80(3)
Kali T50 Mixed Packet Injector tool
83(1)
Understanding Denial of Service (DoS) Attacks
84(2)
Buffer Overflow Attacks
86(2)
Fragmentation Attacks
88(2)
Smurf Attacks
90(1)
Tiny Packet Attacks
91(1)
Xmas Tree Attacks
91(2)
Chapter 7 Destroy (Malware)
93(10)
Toolkit Fundamentals
94(3)
Antivirus software and other tools
94(1)
Nessus
94(3)
Malware
97(2)
Ransomware
99(2)
Other Types of Destroy Attacks
101(2)
Chapter 8 Subvert (Controls Bypass)
103(12)
Toolkit Fundamentals
103(6)
Antivirus software and other tools
104(1)
Nmap
104(5)
Attack Vectors
109(2)
Phishing
111(1)
Spoofing
111(1)
Malware
112(3)
Using malware to find a way in
112(1)
Bypassing AV software
113(2)
PART 3 DIVING IN: PREPARATIONS AND TESTING
115(32)
Chapter 9 Preparing for the Pen Test
111(18)
Handling the Preliminary Logistics
117(4)
Holding an initial meeting
118(2)
Gaining permission
120(1)
Following change control
121(1)
Keeping backups
121(1)
Having documentation
121(1)
Gathering Requirements
121(3)
Reviewing past test results
122(1)
Consulting the risk register
122(2)
Coming Up with a Plan
124(3)
Selecting a project or scan type
125(1)
Selecting the tool(s)
125(2)
Having a Backout Plan
127(2)
Chapter 10 Conducting a Penetration Test
129(18)
Attack!
130(6)
Infiltration
131(2)
Penetration
133(1)
Exploitation
134(1)
APT
135(1)
Exfiltration (and success)
135(1)
Next steps
135(1)
Looking at the Pen Test from Inside
136(1)
Documenting Your Every Move
136(3)
Network mapping
137(1)
Updating the risk register
138(1)
Maintaining balance
138(1)
Other Capture Methods and Vectors
139(1)
Assessment
139(3)
Infiltrate
140(1)
Penetrate
140(1)
Exploit
141(1)
Exfiltrate
141(1)
Prevention
142(5)
Hardening
142(1)
Active monitoring
143(1)
Retesting
143(1)
Devising best practices from lessons learned
143(4)
PART 4 CREATING A PEN TEST REPORT
147(44)
Chapter 11 Reporting
149(12)
Structuring the Pen Test Report
150(6)
Executive Summary
150(2)
Tools, Methods, and Vectors
152(1)
Detailed findings
153(1)
Conclusion
154(1)
Recommendations
155(1)
Appendix/Appendices
155(1)
Creating a Professional and Accurate Report
156(1)
Be professional
156(1)
Stay focused
156(1)
Avoid false positives
156(1)
Classify your data
157(1)
Encourage staff awareness and training
157(1)
Delivering the Report: Report Out Fundamentals
157(1)
Updating the Risk Register
158(3)
Chapter 12 Making Recommendations
161(20)
Understanding Why Recommendations Are Necessary
162(1)
Seeing How Assessments Fit into Recommendations
162(3)
Networks
165(3)
General network hardening
165(1)
Network segmentation
166(1)
Internal network
167(1)
Wired/wireless
168(1)
External
168(1)
Systems
168(5)
Servers
169(1)
Client-side
170(1)
Infrastructure
171(1)
Mobile
172(1)
Cloud
172(1)
General Security Recommendations: All Systems
173(4)
Ports
173(1)
Unneeded services
173(1)
A patch schedule
174(1)
Firewalls
174(1)
AV software
174(1)
Sharing resources
175(1)
Encryption
176(1)
More Recommendations
177(4)
Segmentation and virtualization
177(1)
Access control
177(1)
Backups
178(1)
Securing logs
179(1)
Awareness and social engineering
179(2)
Chapter 13 Retesting
181(10)
Looking at the Benefits of Retesting
182(1)
Understanding the Reiterative Nature of Pen Testing and Retesting
183(1)
Determining When to Retest
184(1)
Choosing What to Retest
185(4)
Consulting your documentation
185(2)
Reviewing the report
187(1)
Reviewing the risk register
188(1)
Running a Pen Retest
189(2)
PART 5 THE PART OF TENS
191(26)
Chapter 14 Top Ten Myths About Pen Testing
193(8)
All Forms of Ethical Hacking Are the Same
194(1)
We Can't Afford a Pen Tester
194(1)
We Can't Trust a Pen Tester
195(1)
We Don't Trust the Tools
196(1)
Pen Tests Are Not Done Often
197(1)
Pen Tests Are Only for Technical Systems
198(1)
Contractors Can't Make Great Pen Testers
199(1)
Pen Test Tool Kits Must Be Standardized
199(1)
Pen Testing Itself Is a Myth and Unneeded
200(1)
Pen Testers Know Enough and Don't Need to Continue to Learn
200(1)
Chapter 15 Ten Tips to Refine Your Pen Testing Skills
201(8)
Continue Your Education
201(1)
Build Your Toolkit
202(1)
Think outside the Box
203(1)
Think Like a Hacker
204(1)
Get Involved
204(1)
Use a Lab
205(2)
Stay Informed
207(1)
Stay Ahead of New Technologies
207(1)
Build Your Reputation
207(1)
Learn about Physical Security
208(1)
Chapter 16 Ten Sites to Learn More About Pen Testing
209(8)
SANS Institute
210(1)
GIAC Certifications
211(1)
Software Engineering Institute
211(1)
(Assorted) Legal Penetration Sites
212(1)
Open Web Application Security Project
212(1)
Tenable
213(1)
Nmap
214(1)
Wireshark
214(1)
Dark Reading
215(1)
Offensive Security
215(2)
Index 217
Robert Shimonski is an ethical hacker and a professional IT leader who has led numerous efforts to architect, design, strategize and implement enterprise solutions that must remain secure. Rob has been involved in security and technology operations for over 25 years and has written his books from the trenches of experience.