Penetration Testing for Dummies
Target, test, analyze, and report on security vulnerabilities with pen testing. Pen Testing is necessary for companies looking to target, test, analyze, and patch the security vulnerabilities from hackers attempting to break into and compromise their organization's data. It takes a person with hacking...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Newark : John Wiley & Sons, Incorporated, 2020. |
Series: | --For dummies. |
Subjects: | |
Online access: | Full text |
Table of Contents:
- Intro
- Title Page
- Copyright Page
- Table of Contents
- Introduction
- About This Book
- Foolish Assumptions
- Icons Used in This Book
- What You're Not to Read
- Where to Go from Here
- Part 1 Getting Started with Pen Testing
- Chapter 1 Understanding the Role Pen Testers Play in Security
- Looking at Pen Testing Roles
- Crowdsourced pen testers
- In-house security pro
- Security consultant
- Getting Certified
- Gaining the Basic Skills to Pen Test
- Basic networking
- General security technology
- Systems infrastructure and applications
- Mobile and cloud
- Introducing Cybercrime
- What You Need to Get Started
- Deciding How and When to Pen Test
- Taking Your First Steps
- Chapter 2 An Overview Look at Pen Testing
- The Goals of Pen Testing
- Protecting assets
- Identifying risk
- Finding vulnerabilities
- Scanning and assessing
- Securing operations
- Responding to incidents
- Scanning Maintenance
- Exclusions and ping sweeps
- Patching
- Antivirus and other technologies
- Compliance
- Hacker Agenda
- Hackivist
- Script kiddie to elite
- White hat
- Grey hat
- Black hat
- Doing Active Reconnaissance: How Hackers Gather Intelligence
- Chapter 3 Gathering Your Tools
- Considerations for Your Toolkit
- Nessus
- Wireshark
- Kali Linux
- Nmap
- Part 2 Understanding the Different Types of Pen Testing
- Chapter 4 Penetrate and Exploit
- Understanding Vectors and the Art of Hacking
- Examining Types of Penetration Attacks
- Social engineering
- Client-side and server-side attacks
- Password cracking
- Cryptology and Encryption
- SSL/TLS
- SSH
- IPsec
- Using Metasploit Framework and Pro
- Chapter 5 Assumption (Man in the Middle)
- Toolkit Fundamentals
- Burp Suite
- Wireshark
- Listening In to Collect Data
- Address spoofing
- Eavesdropping
- Packet capture and analysis
- Key loggers
- Card skimmers
- USB drives
- Chapter 6 Overwhelm and Disrupt (DoS/DDoS)
- Toolkit Fundamentals
- Kali
- Kali T50 Mixed Packet Injector tool
- Understanding Denial of Service (DoS) Attacks
- Buffer Overflow Attacks
- Fragmentation Attacks
- Smurf Attacks
- Tiny Packet Attacks
- Xmas Tree Attacks
- Chapter 7 Destroy (Malware)
- Toolkit Fundamentals
- Antivirus software and other tools
- Nessus
- Malware
- Ransomware
- Other Types of Destroy Attacks
- Chapter 8 Subvert (Controls Bypass)
- Toolkit Fundamentals
- Antivirus software and other tools
- Nmap
- Attack Vectors
- Phishing
- Spoofing
- Malware
- Using malware to find a way in
- Bypassing AV software
- Part 3 Diving In: Preparations and Testing
- Chapter 9 Preparing for the Pen Test
- Handling the Preliminary Logistics
- Holding an initial meeting
- Gaining permission
- Following change control
- Keeping backups
- Having documentation
- Gathering Requirements
- Reviewing past test results
- Consulting the risk register