- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Penetration Testing For Dummies
About this book
Target, test, analyze, and report on security vulnerabilities with pen testing
Pen Testing is necessary for companies looking to target, test, analyze, and patch the security vulnerabilities from hackers attempting to break into and compromise their organizations data. It takes a person with hacking skills to look for the weaknesses that make an organization susceptible to hacking.
Pen Testing For Dummies aims to equip IT enthusiasts at various levels with the basic knowledge of pen testing. It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
- The different phases of a pen test from pre-engagement to completion
- Threat modeling and understanding risk
- When to apply vulnerability management vs penetration testing
- Ways to keep your pen testing skills sharp, relevant, and at the top of the game
Get ready to gather intelligence, discover the steps for mapping out tests, and analyze and report results!
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere â even offline. Perfect for commutes or when youâre on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Penetration Testing For Dummies by Robert Shimonski in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.
Information
Part 1
Getting Started with Pen Testing
IN THIS PART âŚ
Dive into the world of pen testing by exploring the skills and certifications necessary to get started.
Learn what kind of hackers there are, what goals youâll have as a pen tester, and the basics of scan maintenance.
Build your pen testing toolkit.
Chapter 1
Understanding the Role Pen Testers Play in Security
IN THIS CHAPTER
Penetration (or pen, for short) testing is one of the hottest up and coming skills any IT professional needs to have. As more and more technology takes over our world, the need to ensure itâs safe and secure is at the forefront. Companies are actively looking for professionals with a background in IT security and the ability to do penetration testing.
As a pen tester, you need a solid understanding of how an attacker can access your systems and how they can conduct attacks. Not to fear, I walk you through these attacks and the mind of the hacker. You have to truly think like a hacker to be a good pen tester, which is why pen testers are called white hats, grey hats, or ethical hackers, which I explain in more depth in Chapter 2.
I also lay out everything you need to know about security vulnerabilities and introduce you to the tools, techniques, and skills that todayâs most elite pen testers use on a daily basis to conduct penetration tests that keep their companyâs assets safe.
I get to all that and more throughout the book, but in this chapter, I cover the basics, starting with what roles a pen tester can hold in a company. I move from there into the importance of getting certified and what skills are required. I end the chapter with a couple sections that can set you on the path to becoming a competent and sought-after pen tester.
Looking at Pen Testing Roles
The security arena has myriad names applied to anyone who does good or bad security stuff. If youâre new to pen testing, all that can be highly confusing. To clear up any and all confusion on the matter, I dedicate this section to describing the good guys who do pen testing and what roles you might have as a pen tester. (See Chapter 2 for a breakdown of the baddies.)
The pen testerâs role is to penetrate and to ethically hack to find weaknesses within a companyâs IT security program. Securing the weaknesses might be someone elseâs responsibility. You may or may not be responsible for making recommendations based on the weaknesses you uncover, but I discuss that task in Chapter 12.
Crowdsourced pen testers
As big data grows as a concept and more and more systems grow in complexity and size, especially as companies move into cloud architecture and outsourced solutions, there is a need to leverage additional resources to stay on top of all the latest risks, issues, and threats. As more and more systems join massive compute models and virtualized systems are used in new architectural models, the global community of good guys (white hat hackers) can bring a wide array of benefits to the table.
Crowdsourcing is a form of security where pen testing is done via group-based team efforts of enthusiasts (who can also be experts) for the purpose of testing systems managed by enterprises much the same way a constant group may. For example, a crowdsource pen test group may be contacted to run the same types of attacks against you that a consultant may and report on their findings.
Crowdsourced pen testing is no different than any other crowdsourced solution. Youâre using multiple resources to conduct your tasks to get a better outcome by leveraging a large pool of resources, knowledge, and abilities. But if youâre concerned about privacy and legal exposure, go with a consultant.
You can find crowdsourcers at sites such as
www.hackerone.com. Join and offer your services or find pen testers to help you out with a project.In-house security pro
In-house security operations versus consulting services for hire (which I discuss in the next section) are generally how pen testers work in the field. Large companies and government agencies generally employ in-house operations engineers who conduct pen tests for the business they work for.
Smaller organizations canât always afford to keep staff of this kind, and they often donât have enough work to keep them busy. Sometimes conducting pen tests isnât a dedicated position but is a task given to a systems administrator, a network engineer, or other IT professional in the organization.
An in-house employee whoâs dedicated to securing the organizationâs interests, assets, and reputation is often called a security analyst. This is someone employed full-time by a company, firm, or business (public, private, non-profit, government, military, or otherwise) who is responsible for providing security services. Thatâs a broad term for what can be a very detailed role requiring a variety of security functions, the skills needed, and the tools that are used.
Depending on the organization and the exact role, security analysts might have many other names, such as these (not a complete list):
- Chief Information Security Officer (CISO)
- Security architect
- Security engineer
- Security operations staff
- Risk analyst
- Forensics technician
- Security practitioner
These are obviously more detailed roles within security, but they all work with security, and they all analyze security at some level of degree.
Generally, to become a good security analyst you need to absorb, learn, or train in many other areas so you have a holistic view of the enterprise you are charged with securing. I discuss what you need to know in the later section, âGaining the Basic Skills to Pen Test.â
Security consultant
You can hire a consultant to conduct a pen test for you or your firm. Consultants are for hire either as independent contractors or as part of firms you can hire. This may save you time and money in the future.
Consultants at times work for firms that specialize in security or provide security services under a contract. This means that they can scan remotely (externally) or come onsite and scan internally and do more ...
Table of contents
- Cover
- Table of Contents
- Introduction
- Part 1: Getting Started with Pen Testing
- Part 2: Understanding the Different Types of Pen Testing
- Part 3: Diving In: Preparations and Testing
- Part 4: Creating a Pen Test Report
- Part 5: The Part of Tens
- Index
- About the Author
- Advertisement Page
- Connect with Dummies
- End User License Agreement