Professional Penetration Testing Paperback – 25 Sep 2009

Product details

  • Paperback: 750 pages
  • Publisher: Syngress; Pap/Cdr edition (25 Sept. 2009)
  • Language: English
  • ISBN-10: 1597494259
  • ISBN-13: 978-1597494250
  • Product Dimensions: 23.1 x 18.8 x 3 cm
  • Average Customer Review: 4.2 out of 5 stars (4 customer reviews)
  • Amazon Bestsellers Rank: 639,816 in Books

Product Description


"Wilhelm has created the ultimate handbook for becoming a pen tester. This is going to help launch many a career." - Richard Stiennon, Chief Research Analyst, IT-Harvest

"Professional Penetration Testing covers everything from ethical concerns, to advanced concepts, to setting up your own custom laboratory. It is the most comprehensive and authoritative guide at penetration testing that I have seen. Tom Wilhelm is a true expert in the field who not only is in the trenches on a daily basis, but also takes the time to instruct others on the ways and means of pen testing." - Frank Thornton, Owner, Blackthorn Systems

About the Author

Thomas Wilhelm has been involved in Information Security since 1990, when he served in the Army for eight years as a Signals Intelligence Analyst, Russian Linguist, and Cryptanalyst. A speaker at security conferences across the U.S., he is employed by a Fortune 500 company to conduct Risk Assessments, participate in and lead external and internal Penetration Testing efforts, and manage Information Systems Security projects. Wilhelm is also a doctoral student, holding a Master's degree in both Computer Science and Management, and has obtained the following certifications: ISSMP, CISSP, SCSECA, SCNA, SCSA, IAM. Wilhelm dedicates some of his time as an Adjunct Professor at Colorado Technical University and contributes to multiple publications in his spare time, including Hakin9 magazine. His latest contributions include multiple chapters in the Syngress title Netcat Power Tools, his third book contribution to Syngress.

Customer Reviews

4.2 out of 5 stars

Most Helpful Customer Reviews

6 of 6 people found the following review helpful By jmp esp on 28 Nov. 2010
Format: Paperback Verified Purchase
This book will not teach you how to hack; I don't think that was the intention of the author either. What this book does is teach you the lifecycle of Professional Penetration Tests and I feel it does that quite well.

The first part of the book covers ethics, careers, setting up a lab, pen test methodologies, metrics and management. This is a large part of the book and will be useful to anyone looking to get into penetration testing as a career; there is a lot more to it than rooting boxes...

The second part covers the different phases of a penetration test: information gathering, vulnerability identification and verification, penetration and privilege escalation, maintaining access and covering your tracks.

The third part, which is only 70 pages, covers: reporting, archiving, cleaning up and planning for the next pen test.

The book is 500 pages, which is not a lot of space to cover such a huge subject, so what you get here is more of an introduction to professional penetration testing than anything else. The tools on the included DVD are good fun to practice your skills with too.

In short, if you are just getting started or are interested in becoming a penetration tester, this book should provide a lot of insight into how a penetration test is carried out. It covers a whole lot and will give you a good understanding of the lifecycle from the Penetration Tester's perspective.
1 of 1 people found the following review helpful By Michail Poultsakis on 4 April 2011
Format: Paperback
It's been a while since I purchased a copy of this book, and I admit that at first glance it did not make me that happy.
This book is actually like 2 totally different books bundled into one, comprised by the two parts of the book's title:

Part One: Creating and Operating a Formal Hacking Lab
Part Two: Professional Penetration Testing


Half of the book presents information already known to any Pentest engineer out there and information that suffers from being too specific and risks becoming obsolete within a very short timeframe (certifications, hackable distros, virtual machine deployment, etc.).

On the other hand, the second half presents extremely valuable information for individuals already working (or willing to work) professionally in the field; information that will remain applicable for many years to come. Team Formation, Project Management, Methodology, Reporting, Archiving and other challenges daily encountered by pentesting professionals are some of the aspects addressed by this book targeting specifically pentesting as a profession itself. It manages to define the specific profession's details and, if you are already employed as a Penetration Tester, you will see that all of the everyday problems and issues you face are mentioned in this book.

For its second part (which I wish was longer), this is a must-have book for individuals willing to work, or already working, as Professional Penetration Testers as well as for professionals managing PenTesting Teams and PenTesting projects.

This is not a hacking book. This is a book on Penetration Testing as a career/profession.
By Cari B on 4 Oct. 2014
Format: Paperback Verified Purchase
Interesting read, not for the faint hearted!
0 of 1 people found the following review helpful By Bird is the Word on 6 Mar. 2013
Format: Paperback Verified Purchase
A detailed and helpful book if you want to get into penetration testing. Gives good guidance if you want to set up a business alone too.

Most Helpful Customer Reviews on (beta) 10 reviews
38 of 41 people found the following review helpful
Should be called "Professional Pen Testing Project Management" 27 Jan. 2010
By Richard Bejtlich - Published on
Format: Paperback
I had fairly high hopes for Professional Penetration Testing (PPT). The book looks very well organized, and it is published in the new Syngress style that is a big improvement over previous years. Unfortunately, PPT should be called "Professional Pen Testing Project Management." The vast majority of this book is about non-technical aspects of pen testing, with the remainder being the briefest overview of a few tools and techniques. You might find this book useful if you either 1) know nothing about the field or 2) are a pen testing project manager who wants to better understand how to manage projects. Those looking for technical content would clearly enjoy a book like Professional Pen Testing for Web Applications by Andres Andreu, even though that book is 3 years older and focused on Web apps.

PPT offers 18 chapters, with 12 chapters on project management and non-technical issues, and 6 ostensibly covering technical issues. The technical material is limited to the basics of conducting reconnaissance, running Nmap, Nessus, CORE IMPACT, Ettercap, Aircrack-ng, Netcat for "maintaining access," SSH for an "encrypted tunnel," and trivial file and script changes to "cover tracks." Seriously. I'm sure some review readers are saying "sometimes it's just that easy." That's true, but we don't need a 528 page book with an outrageous price tag to read about these well-known methods. If your experience with pen testing is limited to this book, take a look at Andres Andreu's title to see the sort of material you should expect in a book on pen testing.

I didn't find the project management parts all that helpful, either. Some of it just repeats material published in various guides like the Open Source Security Testing Methodology Manual. Other sections repeat certification descriptions found on vendor Web sites. It is clear the author really cares about project management, so maybe he should have just written a book on project management for security managers?

I gave the book three stars because I didn't find the book to be technically or managerially incorrect. (If that had been the case, I would have rated it two stars.) If you want much better coverage on technical matters not found in Andreu's book, try the core Hacking Exposed titles. They address the same topics that PPT barely introduces.
10 of 10 people found the following review helpful
A Very Good book for the intended Audience 19 Mar. 2010
By Bane - Published on
Format: Paperback
I recently finished going through Professional Penetration Testing by Wilhelm. This book is very good for beginners and advanced pen testers. In the past there have not really been any texts that focused on the entire process of penetration testing. This is where Professional Penetration Testing excels. It goes over the entire process from start to finish.

For beginners, this text gives a very good overview of the entire penetration testing process from scoping all the way to writing an executive summary. For advanced testers, the most valuable sections are probably the ones on testing frameworks, scoping, and report writing. I have met many testers who were excellent technically but could not communicate the results effectively to business leaders; this book will help these testers improve in that area. Advanced pen testers will probably not learn any technical tricks from this text.

My only complaint about the book is that it doesn't really go into how any of the exploits that one would use in pen testing work. For example, the author gives a listing of different NMAP scan options and very briefly goes over what the options are, but doesn't really explain why you would use one over the other. I am guessing that this omission is primarily due to the space required to add such information and that the goal of the text seems to be to give the whole view of pen testing without going into too much detail on any section.
7 of 8 people found the following review helpful
PPT is an excellent and easy read 27 April 2010
By K. Wolstencroft - Published on
Format: Paperback
I have read quite a few books covering the security field and have found most of them very dry and hard to read. Thomas Wilhelm's PPT book is the exception, I found it easy to read and managed to complete it in a weekend. The book will suit both the security professional and those new to the security field. The technical depth of the book will benefit systems administrators who need to gain an understanding of penetration testing. The project management aspects of the book will benefit the security professional moving into a more managerial role.
2 of 2 people found the following review helpful
Of Value - Maybe Not What You Expect 30 Dec. 2010
By Douglas Gullett - Published on
Format: Paperback
This book appears to be directed toward at least three audiences: Security consultants that may wish to start their own company, project managers interested in managing penetration testing, and finally those that want to get into the penetration testing field. There were some awesome nuggets in this book, but I felt that I had to dig to get to them. The book did not flow well in my opinion. Based on the title, I was hoping for a book that would take you through setting up an advanced "Professional" lab and address more advanced techniques.

The author definitely thought out all the ins and outs of writing up a contract with a client and many more legal ramifications that most companies focus on. That section is much marked up and will be kept for future reference.

I will admit I was a bit disappointed in part 2 as it clearly is directed toward beginners and not those with much experience. Overall, there is valuable information in this book and the material and extras on the CD are valuable. I think that it may have been more suitable to make this into two separate books.

The book has valuable knowledge, but the title is a bit misleading.

The next book on my list: Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques, from the same author.
1 of 1 people found the following review helpful
Open to disappointment 10 Oct. 2011
By Capture - Published on
Format: Paperback
Overall, I enjoyed the Professional Penetration Testing book. It is aimed at rookies, so I overall found it useful. I was disappointed with the labs corresponding with the CD. I admit I wanted the BackTrack brain dead version, but there is no BackTrack on the CD. No big deal, because it is easy enough to download...but when you pay $75, it is disappointing. So why is BackTrack not on the CD? Per [...]link, the "DVD was changed at the last minute to exclude the BackTrack images due to space issues." So there is not enough space for a "readme" file?

I did like the down to earth explanations of what the reader should be seeing, etc.