Penetration testing : protecting networks and systems /

This book is a preparation guide for the CPTE examination, yet is also a general reference for experienced penetration testers, ethical hackers, auditors, security personnel and anyone else involved in the security of an organization's computer systems.

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Henry, Kevin M. (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Ely, Cambridgeshire, U.K. : IT Governance Pub., 2012.
Temas:
Penetration testing (Computer security)
Computer networks > Security measures.
Computer security > Evaluation.
Tests d'intrusion.
Réseaux d'ordinateurs > Sécurité > Mesures.
Sécurité informatique > Évaluation.
COMPUTERS > Internet > Security.
COMPUTERS > Networking > Security.
COMPUTERS > Security > General.
Computer networks > Security measures
Computer security > Evaluation
Acceso en línea:Texto completo
Tabla de Contenidos:
  • Introduction; Chapter 1: Introduction to Penetration Testing; Case study; Security basics; Risk management; The threat environment; Overview of the steps to penetration testing; Penetration testing versus hacking; Benefits of penetration testing; Summary; Key learning points; Questions; Chapter 2: Preparing to Conduct a Penetration Test; Approval and scope; Planning; Summary; Questions; Chapter 3: Reconnaissance; The start of the test; Physical information gathering; Other data sources; Avoiding footprinting; Key learning points; Questions; Chapter 4: Active Reconnaissance and Enumeration.
  • Port scanningCountermeasures to active reconnaissance; Key learning points; Questions; Chapter 5: Vulnerability Assessments; The attack vectors; References and sources of vulnerabilities; Using vulnerability assessment tools; PCI DSS requirements; Malicious code; Reporting on the vulnerability assessment; Key learning points; Questions; Chapter 6: Hacking Windows® and Unix; Having fun; Common hacking initiatives; Defeating data theft; Protecting against unauthorized access; Access controls; Actions of the attacker; Focus on UNIX/Linux; Advanced attacks; Source code review.
  • Case study: Attack on a Chinese bankKey learning points; Questions; Chapter 7: Launching the Attack; Steps to an exploit; Attacking wireless networks; Pen testing wireless; Network sniffing; Firewalls; Intrusion detection and prevention systems (IDS/IPS); Key learning points; Questions; Chapter 8: Attacking Web Applications; The steps in attacking a web application; Questions; Chapter 9: Preparing the Report; Determining risk levels; Risk response; Report confidentiality; Delivering the report; Key learning points; Questions; Appendix 1: Linux; Appendix 2: Encryption; Concepts of cryptography.
  • Appendix 3: Regulations and LegislationExamples of regulations and legislation; Protection of intellectual property; Appendix 4: Incident Management; Concepts of incident management; Additional Questions and Answers; Answers; References; ITG Resources.

Ejemplares similares