Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
|Print List Price:||£30.99|
Save £12.95 (42%)
BackTrack 4: Assuring Security by Penetration Testing Kindle Edition
|New from||Used from|
|Length: 392 pages|
Kindle e-ReadersKindle Fire TabletsFire Phones
Would you like to tell us about a lower price?
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
In part, the text offers a good overview of the field, separate from the usages of BackTrack. So you get a summary of several common security testing methodologies. Including the Open Source Security Testing Methodology Manual. If you have a background in science experiments, you'll see clear parallels in how this OSSTMM approach investigates an unknown system.
As far as BackTrack is concerned, its capabilities are explored in depth through most of the text. It does seem to have covered all the bases. Like checking/scanning for open TCP and UDP ports on target machines. Or looking for live machines on a network. One thing that becomes clear is that you can treat BackTrack as a repertoire of free tools. And you can pick just a subset of these tools to initially use against your network, if you have specific needs or suspicions,
To be sure, the recommended usage is a top down one, where you treat BackTrack as an integrated whole and you systematically first plan out your entire testing. No argument from me. You should do this, if you decide to use BackTrack in the first place. But a pragmatic incremental approach might still have some merit. Where you can just choose a tool and look up its usage in the text and run it. Easy to get some experience and confidence.
The authors introduce the idea that pen testing is not about randomly using a collection of tools to plink around a network. Instead, a structured, procedural methodology should be used to achieve timely, thorough, and reportable results. The author's also provide a detailed description of a security testing methodology to be used with BackTrack itself.
Each step in this methodology represents an element in the penetration testing life cycle management performed for each customer. The authors describe how this organized progression allows pen testers to determine their course of action, plan for needed resources, and not waste time and resources by duplicating effort. My only complaint is that this section is too small, and deserves expanding using actual case studies.
A considerable number of pen testing tools for each step in the methodology are covered with examples and instruction. Popular tools covered include Metasploit (Meterpreter), Maltego, NMap, NetXpose, and Nessus. Tools for exploiting (uh, testing) Web servers, databases, applications, and even Cisco devices are also covered.
I was very happy to see a chapter on Social Engineering. Experienced pen testers often remark that the most penetrable area of any system are the people who use and control it. The authors provide a detailed description of the psychology, tactics, and objectives of social engineering and how it is used to penetrate the "fleshy" parts of information systems.
This book is intended to educate both novice and experienced pen testers on how to successfully use BackTrack 4. I am sure not every professional pen testing will agree with everything in this book, as it represents the personal experience of only a few people in the profession. However, novices will find a tremendous amount of hands-on practice and enlightening information related to the pen testing profession in clear and readable instructions. Pros should a few things about becoming an even more efficient and versatile pen tester too.
That being said, I believe the information in this book to be directly applicable to Backtrack 5 and a good reference for it!
The book is a great tutorial and walk-through on how to use Backtrack for security and penetration testing, but, more than that, it offers good information about the field in general. You will go through software installations, software overviews, methodologies, tests / testing, and my favorite part, reporting and deliverables, a MUST for professional computer people.
I think this is an excellent book to add to your knowledge arsenal and you may be surprised at just how much you didn't know. I know I was. This really is an important subject for computer professionals and I cant think of a better way to brush up than by grabbing a copy today. Thumbs up!
Would you like to see more reviews about this item?
Most recent customer reviews
The style is simple, clear and it cuts out all the usual waffle.Read more