Penetration testing [electronic resource] : protecting networks and systems / Kevin M. Henry.

ISBN:

9781849283724

9781849283731

Title:

Penetration testing [electronic resource] : protecting networks and systems / Kevin M. Henry.

Author:

Henry, Kevin M.

Personal Author:

Henry, Kevin M.

Publication Information:

Ely, Cambridgeshire, U.K. : IT Governance Pub., 2012.

Physical Description:

1 online resource.

General Note:

Title from title screen.

Contents:

Introduction; Chapter 1: Introduction to Penetration Testing; Case study; Security basics; Risk management; The threat environment; Overview of the steps to penetration testing; Penetration testing versus hacking; Benefits of penetration testing; Summary; Key learning points; Questions; Chapter 2: Preparing to Conduct a Penetration Test; Approval and scope; Planning; Summary; Questions; Chapter 3: Reconnaissance; The start of the test; Physical information gathering; Other data sources; Avoiding footprinting; Key learning points; Questions; Chapter 4: Active Reconnaissance and Enumeration.

Port scanningCountermeasures to active reconnaissance; Key learning points; Questions; Chapter 5: Vulnerability Assessments; The attack vectors; References and sources of vulnerabilities; Using vulnerability assessment tools; PCI DSS requirements; Malicious code; Reporting on the vulnerability assessment; Key learning points; Questions; Chapter 6: Hacking Windows® and Unix; Having fun; Common hacking initiatives; Defeating data theft; Protecting against unauthorized access; Access controls; Actions of the attacker; Focus on UNIX/Linux; Advanced attacks; Source code review.

Case study: Attack on a Chinese bankKey learning points; Questions; Chapter 7: Launching the Attack; Steps to an exploit; Attacking wireless networks; Pen testing wireless; Network sniffing; Firewalls; Intrusion detection and prevention systems (IDS/IPS); Key learning points; Questions; Chapter 8: Attacking Web Applications; The steps in attacking a web application; Questions; Chapter 9: Preparing the Report; Determining risk levels; Risk response; Report confidentiality; Delivering the report; Key learning points; Questions; Appendix 1: Linux; Appendix 2: Encryption; Concepts of cryptography.

Appendix 3: Regulations and LegislationExamples of regulations and legislation; Protection of intellectual property; Appendix 4: Incident Management; Concepts of incident management; Additional Questions and Answers; Answers; References; ITG Resources.

Local Note:

eBooks on EBSCOhost

Subject Term:

Penetration testing (Computer security)

Computer networks -- Security measures.

Computer security -- Evaluation.

Format:

Electronic Resources

Electronic Access:

Click here to view

Publication Date:

2012

Publication Information:

Ely, Cambridgeshire, U.K. : IT Governance Pub., 2012.

Available:*

Shelf Number	Material Type	Copy	Shelf Location	Status
005.8 23	1:E-BOOK	1	1:ONLINE	Searching... Unknown

Bound With These Titles

On Order

Summary

Preparation for the Certified Penetration Testing Engineer (CPTE) examination

Penetration testing is the simulation of an unethical attack of a computer system or other facility to prove how vulnerable that system would be in the event of a real attack. The Certified Penetration Testing Engineer (CPTE) examination provides a widely recognized certification for penetration testers.

The fundamentals of penetration testing

This book is a preparation guide for the CPTE examination, yet is also a general reference for experienced penetration testers, ethical hackers, auditors, security personnel and anyone else involved in the security of an organization's computer systems.

Key areas covered include:

The primary phases of pen testing - reconnaissance, enumeration, vulnerability assessment and the eventual launch of an attack. The preparation of the test report - what information to include in the report and how best to present it to the client. The introduction of new technology - how it can improve business operations (e.g. employee remote access, wireless communications, public-facing web applications), but, at the same time, create new vulnerabilities. Focusing on the techniques

This book avoids a detailed analysis of the tools currently used by today's pen testers, which often come in and out of fashion, and, instead, focuses on the range of techniques employed by professional pen testers around the world.

The author draws on his wealth of experience and provides real-world examples to illustrate the most common pitfalls that can be encountered during both the testing phase and also when delivering the final report.

A successful penetration test not only discovers the vulnerabilities of a system but also determines the level of risk that those vulnerabilities pose to the organization. Readers of this book will gain a better understanding of how to conduct a penetration test, and also how to deliver a client-focused report that assesses the security of the system and whether the level of risk to the organization is within acceptable levels.

Who should read this book?

This book should be read by many, including Penetration Testers, or those studying for the CPTE Exam and Ethical Hackers. Penetration testing is an essential component in any ISO27001 ISMS - so Auditors, Security Officers and Security Personnel should also read this book to understand the vital role Penetration Testing plays in protecting organisations from cyber attacks.

A business-aligned approach to penetration testing - Better defend your systems, intellectual property and values with this essential guide

Author Notes

Henry Kevin :

Kevin Henry has 35 years' experience working on computer systems, initially as an operator on the largest mini-computer installation in Canada, and then in various programmer and analyst roles before moving into computer audit and security.

Kevin currently provides security auditing, training and educational programs for major clients and governments around the world and is a frequent speaker on the security conference circuit.