
E-book: From Hacking to Report Writing: An Introduction to Security and Penetration Testing

  • Format: PDF+DRM
  • Publication date: 04-Nov-2016
  • Publisher: APress
  • Language: eng
  • ISBN-13: 9781484222836
  • Price: 61,74 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you need to install special software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you need to install Adobe Digital Editions (a free application made specifically for reading e-books. It should not be confused with Adobe Reader, which is probably already installed on your computer.)

    This e-book cannot be read on an Amazon Kindle.

Learn everything you need to know to become a professional security and penetration tester. It simplifies hands-on security and penetration testing by breaking down each step of the process so that finding vulnerabilities and misconfigurations becomes easy. The book explains how to methodically locate, exploit, and professionally report security weaknesses using techniques such as SQL injection, denial-of-service attacks, and password hacking.

Although From Hacking to Report Writing will give you the technical know-how needed to carry out advanced security tests, it also offers insight into crafting professional-looking reports describing your work and how your customers can benefit from it. The book will give you the tools you need to clearly communicate the benefits of high-quality security and penetration testing to IT management, executives and other stakeholders.

Embedded in the book are a number of on-the-job stories that will give you a good understanding of how you can apply what you have learned to real-world situations.

We live in a time where computer security is more important than ever. Staying one step ahead of hackers has never been a bigger challenge. From Hacking to Report Writing clarifies how you can sleep better at night knowing that your network has been thoroughly tested.

What you'll learn

  • Clearly understand why security and penetration testing is important
  • Find vulnerabilities in any system using the same techniques as hackers do
  • Write professional-looking reports
  • Know which security and penetration testing method to apply for any given situation
  • Successfully hold together a security and penetration test project

Who This Book Is For

Aspiring security and penetration testers, security consultants, security and penetration testers, IT managers, and security researchers.

Table of contents

  • About the Author
  • About the Technical Reviewer
  • Acknowledgments
  • Preface

Chapter 1 Introduction
  • Why Security Testing Is Important
  • Vulnerabilities Are Everywhere
  • Not Only Hackers Exploit Vulnerabilities
  • What Is a Security Test?
  • The Inevitable Weakness of Any Security Test
  • What's In a Name?
  • The World's First Security Test
  • Who Are These Hackers Anyway?
  • State-Sponsored Actors
  • Computer Criminals
  • Hacktivists
  • Insider
  • Script Kiddies
  • What Is a Threat?
  • Threats and Threat Agents
  • Summary

Chapter 2 Security Testing Basics
  • Types of Security Tests
  • The Knowledge Factor vs. The Guesswork Factor
  • Social Engineering
  • What Is a Vulnerability?
  • Uncovering Vulnerabilities
  • The Vulnerability Wheel and the Heartbleed Bug
  • The Vulnerability Wheel by Example
  • Zero Day Exploits
  • How Vulnerabilities Are Scored and Rated
  • A Real-World Example Using CVSS
  • Software Development Life Cycle and Security Testing
  • How Security Testing Can Be Applied to the SDLC
  • Security Metrics
  • What Is Important Data?
  • Client-Side vs. Server-Side Testing
  • Summary

Chapter 3 The Security Testing Process
  • The Process of a Security Test
  • The Initialization Phase
  • Setting the Scope
  • Setting the Scope Using Old Reports
  • Helping the Client to Set a Good Scope
  • Pre Security Test System Q&A
  • Statement of Work
  • Statement of Work Example: Organization XYZ
  • Get Out of Jail Free Card
  • Security Test Execution
  • Security Test Report
  • Summary

Chapter 4 Technical Preparations
  • Collecting Network Traffic
  • Software Based
  • Hardware Based
  • Inform The CSIRT
  • Keep Track of Things
  • A Note on Notes
  • Software Versioning and Revision Control Systems
  • Use a Jump Server
  • Screen
  • Know Which System You're Testing
  • The Habit of Saving Complex Commands
  • Be Verifiable
  • Visually Recording Your Work
  • Tools of the Trade
  • The Worst Tools One Can Possibly Imagine
  • Bash Lovely Bash
  • Keep a Command Log
  • The Security Tester's Software Setup
  • Virtual Machines for Security Testing
  • When to Use Hacker Distributions
  • Metasploit
  • Don't Be Volatile
  • End-of-the-Day Checklists
  • Keep Secrets Safe
  • Keep Your Backups Secure
  • Get Liability Insurance
  • Automated Vulnerability Scanners (and When to Use Them)
  • The Google Proxy Avoidance Service
  • When to Connect Via VPN
  • Summary

Chapter 5 Security Test Execution
  • Security Test Execution
  • The Technical Security Test Process
  • The Layered Approach
  • The Circular Approach
  • When to Use What Approach
  • The Layered Approach
  • The Circular Approach
  • Expecting the Unexpected
  • The Pre-Security Test System Q&A Taken with a Grain of Salt
  • To Test Production Systems or to Not Test Production Systems - That Is the Question
  • Production Systems versus Pre-Production Systems
  • The Goal Is to Eventually Fail
  • Legal Considerations
  • The Report
  • Summary

Chapter 6 Identifying Vulnerabilities
  • Footprinting
  • When to Footprint
  • Footprinting Examples
  • Scanning
  • What a Network Scanner Is
  • A Very Short Brush-Up on Ports
  • Using NMAP
  • Ping Sweep
  • Scanning for TCP Services
  • Scanning for UDP Services
  • Operating System Detection
  • Common TCP and UDP-Based Services
  • NMAP Scripting Engine
  • Unknown Networks Ports
  • On the Job: On Poor Documentation
  • DNS Zone Transfers
  • DNS Brute Forcing
  • Server Debug Information
  • Nslookup
  • Looping Nslookup
  • Getting Geographical IP Info Using Pollock
  • Harvesting E-Mail Addresses with the Harvester
  • Enumeration
  • Enumeration Example
  • Enumerating Web Presence Using Netcraft
  • American Registry for Internet Numbers (ARIN)
  • Searching for IP Addresses
  • The Downside of Manual Domain Name and IP Address Searching
  • Data from Hacked Sites
  • Where to Find Raw Data from Hacked Websites
  • The Ashley Madison Hack
  • Have I Been PWNED
  • Shodan
  • Checking Password Reset Functionality
  • Summary

Chapter 7 Exploiting Vulnerabilities
  • System Compromise
  • Password Attacks
  • The Password Is Dead — Long Live the Password
  • Brute Force Password Guessing
  • Online vs. Offline Password Attacks
  • Build Password Lists
  • And be smart about it
  • Medusa Usage
  • The Most Common Reason Why Online Password Attacks Fail
  • Salt and Passwords
  • Proper Salt Usage
  • Rainbow Tables
  • Too Much Salt Can Make Any Rainbow Fade
  • Crack Hashes Online
  • Creating a Custom Online Cracking Platform
  • Default Accounts and Their Passwords
  • OWASP Top Ten
  • OWASP Top Ten Training Ground
  • SQL Injection
  • SQL Injection Example
  • A Very Short Brush-Up on Fuzzing
  • Blind SQL Injection
  • SQL Is SQL
  • All the Hacker Needs Is a Web Browser
  • Summary

Chapter 8 Reporting Vulnerabilities
  • Why the Final Report Is So Important
  • The Executive Summary
  • Report Everything or Just the Bad Stuff
  • Deliver the Final Report Securely
  • The Cost of Security
  • SLE Calculation
  • ARO Calculation
  • Putting It All Together with ALE
  • Why the ALE Value Is Important
  • The Importance of an Understandable Presentation
  • The WAPITI Model
  • Risk Choices
  • Risk Acceptance
  • Risk Mitigation
  • Risk Transfer
  • Risk Avoidance
  • Risk Choices Applied to the Heartbleed Bug
  • Be Constructive When Presenting Your Findings
  • (Almost) Always Suggest Patching
  • Learn to Argue over the Seriousness of Your Findings
  • Put Lengthy Raw Data in an Appendix
  • Make a Slide Presentation
  • On the Job: Password Cracking
  • Practice Your Presentation
  • Post-Security Test Cleanup
  • Summary

Chapter 9 Example Reports
  • Security Test Report ZUKUNFT GMBH
  • Security Test Scope
  • Statement of Work
  • Executive Summary
  • Report Structure
  • The Testing Process
  • Netadmin
  • Webgateway
  • FILESERVER
  • Summary
  • Appendix
  • Website Sample Report
  • Executive Summary
  • Security Test Scope
  • Score Matrix
  • SQL Injection Vulnerabilities
  • Persistent Code Injection
  • Insecure Direct Object References
  • Summary

Chapter 10 Ten Tips to Become a Better Security Tester
  • Learn How to Program
  • It's Elementary, Watson
  • Read the Boy Who Cried Wolf
  • Read Read Read Write Write Write
  • Learn to Spot the Shape that Breaks the Pattern
  • Put Your Money where Your Mouth is (Most of the Time)
  • Tap Into the Noise
  • Watch the Movie Wargames
  • Know that Old Vulnerabilities Never Get Old
  • Have Fun
  • Summary

Index

Robert Svensson has had pretty much every IT job one can imagine: he's been yelled at over the phone taking support calls, he's done IT security incident management for multi-nationals, he's worked with startups, he's programmed and so on, but over the last ten years or so IT security has been his sole focus. In his case, that means he's done countless penetration tests, written numerous reports and somehow managed to get rehired to do it all over again. And yeah, he fell in love with computers the second he unwrapped the Commodore 64 he got for Christmas about a million years ago; it all started there.

One of Robert's goals in writing this book is to put out the book he wishes he had read when he first started doing penetration tests: a book that also clearly explains why security testing is important, not just how it's done. However, the number one reason why he's writing this book is simple: passion. He loves security and learning as much about it as he possibly can. And having worked as a teacher, he knows no better way to learn than to teach.