FREE Delivery in the UK.
In stock.
Dispatched from and sold by Amazon. Gift-wrap available.
Coding for Penetration Te... has been added to your Basket
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 3 images

Coding for Penetration Testers: Building Better Tools Paperback – 23 Sep 2011

4.0 out of 5 stars 1 customer review

See all formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
£12.17 £17.02
Promotion Message 10% Bulk Discount 1 Promotion(s)

Note: This item is eligible for click and collect. Details
Pick up your parcel at a time and place that suits you.
  • Choose from over 13,000 locations across the UK
  • Prime members get unlimited deliveries at no additional cost
How to order to an Amazon Pickup Location?
  1. Find your preferred location and add it to your address book
  2. Dispatch to this address when you check out
Learn more
£24.99 FREE Delivery in the UK. In stock. Dispatched from and sold by Amazon. Gift-wrap available.
click to open popover

Special Offers and Product Promotions

  • Save 10% on Books for Schools offered by Amazon.co.uk when you purchase 10 or more of the same book. Here's how (terms and conditions apply) Enter code SCHOOLS2016 at checkout. Here's how (terms and conditions apply)

Frequently Bought Together

  • Coding for Penetration Testers: Building Better Tools
  • +
  • Rtfm: Red Team Field Manual
Total price: £28.45
Buy the selected items together

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone

To get the free app, enter your mobile phone number.

Product details

  • Paperback: 320 pages
  • Publisher: Syngress (23 Sept. 2011)
  • Language: English
  • ISBN-10: 1597497290
  • ISBN-13: 978-1597497299
  • Product Dimensions: 19 x 1.9 x 23.5 cm
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: 960,443 in Books (See Top 100 in Books)
  • See Complete Table of Contents

Product Description


"This book is definitely not for rookie coders, but rather a good starting point for people with a medium level of programming experience. It is also not suited well as a reference to quickly look things up in. But if what you’re looking for is a very practical guide with tons of pointers to further (and recommended) reading material and exercises Coding for Penetration Testers delivers what it promises."--Computers and Security

"Penetration testing is a profession that requires the mastery of dozens of tools; every job poses challenges that require these tools to be mixed, matched, and automated. The master penetration tester not only excels at using his or her toolbox, but also expands it with custom scripts and unique programs to solve the challenge of the day. This book provides a solid introduction to custom scripting and tool development, using multiple languages, with a penetration tester's goals in mind. This background can transform penetration testing from a manual, often repetitive task, to an efficient process that is not just faster, but also more accurate and consistent across large engagements."--HD Moore, Metasploit Founder and CSO of Rapid7

"Penetration testing requires that the tester understand the target as much as possible, and know how to perform various attacks while being as efficient as possible. Having the skill set to create and use a variety of scripts increases the penetration tester's efficiency and elevates him or her from the script kiddie to the professional realm. Ryan Linn and Jason Andress have created a guide that explores and introduces the techniques that are necessary to build the scripts used during a test. No matter the platform, this book provides the information required to learn scripting and become a world-class penetration tester. This is definitely a book that will remain close at hand for every test I perform!"--Kevin Johnson, Senior Consultant, Secure Ideas

"At 175 pages, the book does not kill many trees, but does give the reader an overview of all of the key principles around information security…For those looking to get their feet wet in the deep waters of information security, The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice is a great place to start."--RSAConference.com

"Overall this is an excellent book, which offers some clear and effective tutorials on the different languages and on efficient and effective penetration testing. It’s highly recommended for any testers who want to broaden their skills and move to the next level."--BCS.org

About the Author

Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Customer Reviews

4.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See the customer review
Share your thoughts with other customers

Top Customer Reviews

Format: Paperback
Overall a good introduction to the topic. The authors lay the foundation so as the reader can sculpt tools to better protect and test both Unix and Windows operating systems from attack. Several scripting languages; Perl, Powershell, Ruby etc, were introduced as well as how competent scripts were created. This book will not replace a standard textbook on each language but it provides a taster for the strengths and weaknesses of each in the area of testing. The major quibble it does not really reach beyond a beginner stage to address more complex topics.
Comment One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 3.9 out of 5 stars 9 reviews
23 of 25 people found the following review helpful
2.0 out of 5 stars Huge disappointment 1 Dec. 2011
By Jirka Vejrazka - Published on Amazon.com
Format: Paperback
I have to say this has been the biggest disappointment of all security-related books that I ever purchased (there were dozens). It should be named "A quick glance at a few scripting languages".

To give an example, Python is mentioned on 33 pages (that includes a few pages for scapy) where you'll be shown how to (hold your breath) send an ICMP packet. (I will not talk about PEP8 here).

To drill a bit further, the chapter about Python lists is about (wait for it) - bitwise operations. Lists are only mentioned as a way of storing data for the given example which shows how you can use Python to calculate net & broadcast address from a CIDR notation (why would you want to use lists for that?). There is no meaningful mention of list indexing or slicing.

The chapter about Python exceptions is just appaling.

There is no explanation of "why" anywhere, just "what" and a little bit of "how". Also, no hint on where to look for further information.

Real beginners might find this book interesting for getting a basic idea of how are scripting languages used (bash, Python, Perl, Ruby and PowerShell all get a really quick intro). But then they would get really confused towards the end of the book when they suddenly find authors throwing shellcode at vulnerable FTP server and using some terms that are mentioned very briefly: "EIP is called the Instruction pointer", "ESP points to stack area where you can see the stack", "as you can see, the EIP is now overwritten with 41414141 so the server is vulnerable". Is any beginner expected to understand this?

I'm really struggling to see who is the intended audience. It does not give any explanation to beginners and is way too shallow for any penetration tester.
3 of 3 people found the following review helpful
1.0 out of 5 stars Very Poorly Written and Edited 14 Mar. 2014
By John M - Published on Amazon.com
Format: Paperback Verified Purchase
Let me start by saying that this book is good IN THEORY. Each section starts out with an introduction/overview, then leads into deeper explanation and hands-on practice. However the book is too greatly flawed to deserve a purchase. The reasons being:

1) It is plagued with technical errors. Try the exercises in the Python section for example. One such exercise glaringly fails to use the string function when adding a string and an integer, forcing the reader to scratch their head as errors get thrown until they realize after googling and researching that you cannot add a string and an integer without proper usage of the syntax. For a beginner (the target of a book that is filled with beginner's exercises and explanations), this is unacceptable. I gave up on using it as an intro to scripting and purchased better books for each language.

2) The exercises and topics are horribly designed. Obviously space is an issue and the authors wanted to get through each language quickly. However, you don't accomplish this by cramming everything into a couple scripts, so the reader can barely decipher the subtle changes in the output. Also, for example, the section on bash scripts barely covers anything at all. I found an online guide withe more information on bash scripting in a single section than the whole treatment available in this book.

3) The book really doesn't cover much even when you consider how many topics they try to cover.

4) Kind of going off 2, this is a very poor intro to scripting. It is actually counter-productive as it neither provides a strong foundation nor builds on existing knowledge to do something different. I have decided not to really look too much deeper into the book as the previous issues seem endemic

As another review has said, who is the audience? It's not a good beginner's book and it's not a good intermediate source. I really am losing my respect for Syngress. They're churning out books like cheap romance novels with about the same level of writing. Avoid this book and get books for the separate codes instead.
3.0 out of 5 stars If you are looking to begin pen-testing and have a solid understanding of tcp/ip this is a great book. 6 Mar. 2016
By Amazon Customer - Published on Amazon.com
Format: Paperback Verified Purchase
I expected a bit more depth. High level overviews of a few scripting languages with examples that are pen-test/information gathering focused. Touches on exploit code. If you are looking to begin pen-testing and have a solid understanding of tcp/ip this is a great book.
5.0 out of 5 stars Great book! 23 Oct. 2012
By LexLuthor - Published on Amazon.com
Format: Paperback
This has been a really helpful book to me in learning to make some use of new scripting tools in more useful directions. I have a bit of python right now, but having examples of how these languages can be used across several different languages is really useful. Some of the book is still a bit over my head, but I sure feel like I'm starting to get there. Great read and some good excercises to make the examples even better. I'm hoping they'll do a second book and keep going with other languages.
5.0 out of 5 stars Boreing But Good 13 Feb. 2015
By TheBusDriver - Published on Amazon.com
Format: Paperback Verified Purchase
You can't write a book like this and have it be interesting, but it had good examples and easy to follow steps.
Were these reviews helpful? Let us know