"This book shows how to simulate penetration testing projects from beginning to end by introducing a new concept called Penetration Testing Life Cycle (PTLC). It walks the penetration tester through the details of every phase to ensure that they are successful in discovering and addressing potential vulnerabilities. It is accompanied by software to help learners practice the concepts in the book so they can be "job-ready". The content is mapped to certification exams content (CompTIA PenTest and EC-Council Certified Ethical Hacker [ CEH]). It is also designed to consider IT governance and legal aspects (HIPAA, PCI-DSS, Sarbanes Oxley...etc.). This aspect provides the reader with a unique ability to have a good understanding of IT governance while exploiting vulnerabilities."--
Pen Testing from Contractto Report Protect your system or web application with this accessible guide
Penetration tests, also known as ‘pen tests’, are a means of assessing the security of a computer system by simulating a cyber-attack. These tests can be an essential tool in detecting exploitable vulnerabilities in a computer system or web application, averting potential user data breaches, privacy violations, losses of system function, and more. With system security an increasingly fundamental part of a connected world, it has never been more important that cyber professionals understand the pen test and its potential applications.
Pen Testing from Contract to Report offers a step-by-step overview of the subject. Built around a new concept called the Penetration Testing Life Cycle, it breaks the process into phases, guiding the reader through each phase and its potential to expose and address system vulnerabilities. The result is an essential tool in the ongoing fight against harmful system intrusions.
In Pen Testing from Contract to Report readers will also find:
- Content mapped to certification exams such as the CompTIA PenTest+
- Detailed techniques for evading intrusion detection systems, firewalls, honeypots, and more
- Accompanying software designed to enable the reader to practice the concepts outlined, as well as end-of-chapter questions and case studies
Pen Testing from Contract to Report is ideal for any cyber security professional or advanced student of cyber security.
Preface
Acknowledgement
Companion website
Chapter 1: Introduction to Penetration Testing
Chapter 2: The Contract
Chapter 3: Law & Legislation
Chapter 4: Footprinting and Reconnaissance
Chapter 5: Scanning Networks
Chapter 6: Enumeration
Chapter 7: Vulnerability Analysis
Chapter 8: System Hacking
Chapter 9 : Malware Threats
Chapter 10: Sniffing
Chapter 11: Social Engineering
Chapter 12: Denial of Service
Chapter 13: Session Hijacking
Chapter 14: Evading IDS, Firewalls, And Honeypots
Chapter 15: Web Servers
Chapter 16: Web Application Hacking
Chapter 17: SQL Injection
Chapter 18 Hacking Wireless Networks
Chapter 19: Mobile Platforms
Chapter 20: Internet of Things (IoT)
Chapter 21: Cloud Computing
Chapter 22: The Report
Index
Alfred Basta, PhD, CCP (CMMC), CISM, CPENT, LPT, OSCP, PMP, CRTO, CHPSE, CRISC, CISA, CGEIT, CASP+, CYSA+, is a professor of mathematics, cryptography, and information security as well as a professional speaker on internet security, networking, and cryptography. He is a member of many associations, including ISACA, ECE, and the Mathematical Association of America. Dr. Bastas other publications include Computer Security and Penetration Testing, Mathematics for Information Technology, Linux Operations and Administration, and Database Security. In addition, Dr. Basta is the chair of EC-Councils CPENT Scheme Committee. He has worked as a faculty member and curriculum advisor for programming and cyber security programs at numerous colleges and universities.
Nadine Basta, MSc., CEH, is a professor of computer science, cybersecurity, mathematics, and information technology. Her numerous certifications include CEH, MCSE, MSDBA, CCDP, NCSE, NCTE, and CCA. A security consultant and auditor, she combines strong "in the field" experience with her academic background. She is also the author of Computer Security and Penetration Testing, Mathematics for Information Technology, and Linux Operations and Administration. Nadine has extensive teaching and research experience in computer science and cybersecurity.
Waqar Anwar is a Cybersecurity Curriculum Specialist with over 10 years of experience in the field. He also develops and delivers training to faculty and staff on cybersecurity topics and conducts research on cybersecurity topics. Mr. Anwar is a frequent speaker at industry conferences. He is also a member of several cybersecurity organizations including SysAdmin, Audit, Network and Security SANS, CYBRARY, and Information Systems Security Association International ISSA.
