BackTrack 4: Assuring Security by Penetration Testing
and over one million other books are available for Amazon Kindle .
Learn more
| |||||||||||||||
 Trade In this Item for up to £16.85
Trade in BackTrack 4: Assuring Security by Penetration Testing for an Amazon.co.uk gift card of up to £16.85, which you can then spend on millions of items across the site. Plus, get an extra £5 when you trade in books worth £10 or more until June 30, 2012. Trade-in values may vary (terms apply). Find more products eligible for trade-in.
|
Frequently Bought Together
Product details
|
Product Description
Product Description
BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.
BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.
The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing.
The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.
This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.
A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep.
BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.
The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing.
The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.
This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.
A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep.
About the Author
Shakeel Ali
Shakeel Ali is a main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, compliance, governance, and forensic projects that he carries in day-to-day operations. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses and government institutions globally. He is an active independent researcher who writes various articles, whitepapers, and manages a blog at Ethical-Hacker.net. He regularly participates in BugCon Security Conferences, Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.
Tedi Heriyanto
Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian information technology company. He has worked with several well-known institutions in Indonesia and overseas, in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, doing information security audit and assessment, and giving information security awareness training. In his spare times, he manages to research, write various articles, participate in Indonesian Security Community activities, and maintain a blog site. He has shared his knowledge in information security by writing several information security and computer programming books.
Inside This Book
(Learn More)
Suggested Tags from Similar Products(What's this?)Be the first one to add a relevant tag (keyword that's strongly related to this product)
|
What Other Items Do Customers Buy After Viewing This Item?
Customer Reviews
Most Helpful Customer Reviews
7 of 7 people found the following review helpful
Format:Paperback
This book is not just about learning a bunch of command line tools for p0wning a few poorly-maintained systems. In this book, the authors do a good job exposing the reader to the many facets of pen testing, and present the readers with the opportunity to try a few new things along the way, including virtualization, Linux, and BackTrack itself.
The authors introduce the idea that pen testing is not about randomly using a collection of tools to plink around a network. Instead, a structured, procedural methodology should be used to achieve timely, thorough, and reportable results. The author's also provide a detailed description of a security testing methodology to be used with BackTrack itself.
Each step in this methodology represents an element in the penetration testing life cycle management performed for each customer. The authors describe how this organized progression allows pen testers to determine their course of action, plan for needed resources, and not waste time and resources by duplicating effort. My only complaint is that this section is too small, and deserves expanding using actual case studies.
A considerable number of pen testing tools for each step in the methodology are covered with examples and instruction. Popular tools covered include Metasploit (Meterpreter), Maltego, NMap, NetXpose, and Nessus. Tools for exploiting (uh, testing) Web servers, databases, applications, and even Cisco devices are also covered.
I was very happy to see a chapter on Social Engineering. Experienced pen testers often remark that the most penetrable area of any system are the people who use and control it. The authors provide a detailed description of the psychology, tactics, and objectives of social engineering and how it is used to penetrate the "fleshy" parts of information systems.
This book is intended to educate both novice and experienced pen testers on how to successfully use BackTrack 4. I am sure not every professional pen testing will agree with everything in this book, as it represents the personal experience of only a few people in the profession. However, novices will find a tremendous amount of hands-on practice and enlightening information related to the pen testing profession in clear and readable instructions. Pros should a few things about becoming an even more efficient and versatile pen tester too.
The authors introduce the idea that pen testing is not about randomly using a collection of tools to plink around a network. Instead, a structured, procedural methodology should be used to achieve timely, thorough, and reportable results. The author's also provide a detailed description of a security testing methodology to be used with BackTrack itself.
Each step in this methodology represents an element in the penetration testing life cycle management performed for each customer. The authors describe how this organized progression allows pen testers to determine their course of action, plan for needed resources, and not waste time and resources by duplicating effort. My only complaint is that this section is too small, and deserves expanding using actual case studies.
A considerable number of pen testing tools for each step in the methodology are covered with examples and instruction. Popular tools covered include Metasploit (Meterpreter), Maltego, NMap, NetXpose, and Nessus. Tools for exploiting (uh, testing) Web servers, databases, applications, and even Cisco devices are also covered.
I was very happy to see a chapter on Social Engineering. Experienced pen testers often remark that the most penetrable area of any system are the people who use and control it. The authors provide a detailed description of the psychology, tactics, and objectives of social engineering and how it is used to penetrate the "fleshy" parts of information systems.
This book is intended to educate both novice and experienced pen testers on how to successfully use BackTrack 4. I am sure not every professional pen testing will agree with everything in this book, as it represents the personal experience of only a few people in the profession. However, novices will find a tremendous amount of hands-on practice and enlightening information related to the pen testing profession in clear and readable instructions. Pros should a few things about becoming an even more efficient and versatile pen tester too.
7 of 7 people found the following review helpful
Format:Paperback
The authors tackle a persistent danger to many websites and networks that hang off the Internet, where often the complexity of the operating systems and applications and the interactions between these can open doors to attackers. So the basic idea of penetration testing is to preemptively probe ('attack') your system. Find the weaknesses first, before others do so.
In part, the text offers a good overview of the field, separate from the usages of BackTrack. So you get a summary of several common security testing methodologies. Including the Open Source Security Testing Methodology Manual. If you have a background in science experiments, you'll see clear parallels in how this OSSTMM approach investigates an unknown system.
As far as BackTrack is concerned, its capabilities are explored in depth through most of the text. It does seem to have covered all the bases. Like checking/scanning for open TCP and UDP ports on target machines. Or looking for live machines on a network. One thing that becomes clear is that you can treat BackTrack as a repertoire of free tools. And you can pick just a subset of these tools to initially use against your network, if you have specific needs or suspicions,
To be sure, the recommended usage is a top down one, where you treat BackTrack as an integrated whole and you systematically first plan out your entire testing. No argument from me. You should do this, if you decide to use BackTrack in the first place. But a pragmatic incremental approach might still have some merit. Where you can just choose a tool and look up its usage in the text and run it. Easy to get some experience and confidence.
In part, the text offers a good overview of the field, separate from the usages of BackTrack. So you get a summary of several common security testing methodologies. Including the Open Source Security Testing Methodology Manual. If you have a background in science experiments, you'll see clear parallels in how this OSSTMM approach investigates an unknown system.
As far as BackTrack is concerned, its capabilities are explored in depth through most of the text. It does seem to have covered all the bases. Like checking/scanning for open TCP and UDP ports on target machines. Or looking for live machines on a network. One thing that becomes clear is that you can treat BackTrack as a repertoire of free tools. And you can pick just a subset of these tools to initially use against your network, if you have specific needs or suspicions,
To be sure, the recommended usage is a top down one, where you treat BackTrack as an integrated whole and you systematically first plan out your entire testing. No argument from me. You should do this, if you decide to use BackTrack in the first place. But a pragmatic incremental approach might still have some merit. Where you can just choose a tool and look up its usage in the text and run it. Easy to get some experience and confidence.
5 of 5 people found the following review helpful
Format:Paperback
Right after I got this book, Backtrack 5 was released. My intention was to go through the book and compare/contrast things to Backtrack 5. Well, we all know the saying about the best layed plans...
That being said, I believe the information in this book to be directly applicable to Backtrack 5 and a good reference for it!
The book is a great tutorial and walk-through on how to use Backtrack for security and penetration testing, but, more than that, it offers good information about the field in general. You will go through software installations, software overviews, methodologies, tests / testing, and my favorite part, reporting and deliverables, a MUST for professional computer people.
I think this is an excellent book to add to your knowledge arsenal and you may be surprised at just how much you didn't know. I know I was. This really is an important subject for computer professionals and I cant think of a better way to brush up than by grabbing a copy today. Thumbs up!
That being said, I believe the information in this book to be directly applicable to Backtrack 5 and a good reference for it!
The book is a great tutorial and walk-through on how to use Backtrack for security and penetration testing, but, more than that, it offers good information about the field in general. You will go through software installations, software overviews, methodologies, tests / testing, and my favorite part, reporting and deliverables, a MUST for professional computer people.
I think this is an excellent book to add to your knowledge arsenal and you may be surprised at just how much you didn't know. I know I was. This really is an important subject for computer professionals and I cant think of a better way to brush up than by grabbing a copy today. Thumbs up!
Would you like to see more reviews about this item?
Were these reviews helpful?
Let us know
Most Recent Customer Reviews
Security through offensive techniques
A few days before BackTrack 5 came out the book finally arrived in my mailbox. As I also had the opportunity to play with BackTrack 5 during the time I read the book, I should be... Read more
Published 10 months ago by Jade
Develop hardcore penetration testing skills
Right after I got this book, Backtrack 5 was released. My intention was to go through the book and compare/contrast things to Backtrack 5. Read more
Published 10 months ago by Greg Spencer
One of the best BackTrack manuals
Its really great to see many positive reviews and comments before I decide to purchase this book (BackTrack 4: Assuring Security by Penetration Testing) from a local bookshop. Read more
Published 10 months ago by dd
Revealing the secrets of underground armory and next-generation...
It is one of the best penetration testing guides that helps you to understand and plan the security assessments in accordance with BackTrack testing process. Read more
Published 12 months ago by Kenneth Mongan Jr
Methodical, lists many tools of the trade
I suppose these tools are going to be in the public domain anyway, so we might as well educate white hats as well as the black hats that may know them already. Read more
Published 12 months ago by Richard J. Wagner
Journey from intelligence gathering to tactical exploitation
The book offers a fantastic option to understand and execute the process of penetration testing through an in-depth knowledge-base and fine-grained analysis. Read more
Published 12 months ago by Digital Democracy
Listmania!
Look for similar items by category
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
|
