What do you think?
Rate this book
Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits (Pearson IT Cybersecurity Curriculum
The perfect introduction to pen testing for all IT professionals and students
· Clearly explains key concepts, terminology, challenges, tools, and skills
· Covers the latest penetration testing standards from NSA, PCI, and NIST
Welcome to today’s most useful and practical introduction to penetration testing. Chuck Easttom brings together up-to-the-minute coverage of all the concepts, terminology, challenges, and skills you’ll need to be effective.
Drawing on decades of experience in cybersecurity and related IT fields, Easttom integrates theory and practice, covering the entire penetration testing life cycle from planning to reporting.
You’ll gain practical experience through a start-to-finish sample project relying on free open source tools. Throughout, quizzes, projects, and review sections deepen your understanding and help you apply what you’ve learned.
Including essential pen testing standards from NSA, PCI, and NIST, Penetration Testing Fundamentals will help you protect your assets–and expand your career options.
LEARN HOW TO
· Understand what pen testing is and how it’s used
· Meet modern standards for comprehensive and effective testing
· Review cryptography essentials every pen tester must know
· Perform reconnaissance with Nmap, Google searches, and ShodanHq
· Use malware as part of your pen testing toolkit
· Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry
· Pen test websites and web communication
· Recognize SQL injection and cross-site scripting attacks
· Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA
· Identify Linux vulnerabilities and password cracks
· Use Kali Linux for advanced pen testing
· Apply general hacking technique ssuch as fake Wi-Fi hotspots and social engineering
· Systematically test your environment with Metasploit
· Write or customize sophisticated Metasploit exploits
· Clearly explains key concepts, terminology, challenges, tools, and skills
· Covers the latest penetration testing standards from NSA, PCI, and NIST
Welcome to today’s most useful and practical introduction to penetration testing. Chuck Easttom brings together up-to-the-minute coverage of all the concepts, terminology, challenges, and skills you’ll need to be effective.
Drawing on decades of experience in cybersecurity and related IT fields, Easttom integrates theory and practice, covering the entire penetration testing life cycle from planning to reporting.
You’ll gain practical experience through a start-to-finish sample project relying on free open source tools. Throughout, quizzes, projects, and review sections deepen your understanding and help you apply what you’ve learned.
Including essential pen testing standards from NSA, PCI, and NIST, Penetration Testing Fundamentals will help you protect your assets–and expand your career options.
LEARN HOW TO
· Understand what pen testing is and how it’s used
· Meet modern standards for comprehensive and effective testing
· Review cryptography essentials every pen tester must know
· Perform reconnaissance with Nmap, Google searches, and ShodanHq
· Use malware as part of your pen testing toolkit
· Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry
· Pen test websites and web communication
· Recognize SQL injection and cross-site scripting attacks
· Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA
· Identify Linux vulnerabilities and password cracks
· Use Kali Linux for advanced pen testing
· Apply general hacking technique ssuch as fake Wi-Fi hotspots and social engineering
· Systematically test your environment with Metasploit
· Write or customize sophisticated Metasploit exploits
448 pages, Kindle Edition
Published March 6, 2018
9 people are currently reading
5 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 of 1 review
June 13, 2023
As an experienced IT professional starting a full-time position in cybersecurity and working on a Master's degree in Cybersecurity Management, I was looking forward to the course that used this as the textbook.
I was very disappointed in this book because of technical inaccuracies that could have easily been avoided.
First, when talking about the development of Linux, the book states that back in the early 1990's, computer science students worked with UNIX because DOS and Windows did not exist. While I agree UNIX was very popular in such areas, PC-DOS and MS-DOS were released in 1981 and many compilers were developed for DOS, with those from Borland being extremely popular in the late 1980's and 1990's.
Windows also existed in the early 1990's, with an initial release date in 1985. While the first versions of Windows looked nothing like what it became, the first widely used version of Windows, 3.0, was released in 1990. So, clearly, DOS and Windows were available at the time, even if they were not the primary systems used in academic computer science programs.
I will say, however, that I was working on learning programming in the late 1980's and early 1990's on DOS, working with compilers for BASIC, FORTRAN, COBOL, C, and Pascal.
Furthermore, when discussing important folders in Linux, the book refers to /etc/passwd and /etc/shadow as folders, not the text files they really are. Yes, they are important, but they are specifically files, not folders.
Because of these glaring factual errors, I had a hard time accepting the book overall as being very useful.
I was very disappointed in this book because of technical inaccuracies that could have easily been avoided.
First, when talking about the development of Linux, the book states that back in the early 1990's, computer science students worked with UNIX because DOS and Windows did not exist. While I agree UNIX was very popular in such areas, PC-DOS and MS-DOS were released in 1981 and many compilers were developed for DOS, with those from Borland being extremely popular in the late 1980's and 1990's.
Windows also existed in the early 1990's, with an initial release date in 1985. While the first versions of Windows looked nothing like what it became, the first widely used version of Windows, 3.0, was released in 1990. So, clearly, DOS and Windows were available at the time, even if they were not the primary systems used in academic computer science programs.
I will say, however, that I was working on learning programming in the late 1980's and early 1990's on DOS, working with compilers for BASIC, FORTRAN, COBOL, C, and Pascal.
Furthermore, when discussing important folders in Linux, the book refers to /etc/passwd and /etc/shadow as folders, not the text files they really are. Yes, they are important, but they are specifically files, not folders.
Because of these glaring factual errors, I had a hard time accepting the book overall as being very useful.
Displaying 1 of 1 review