Acheter d'occasion
EUR 4,25
+ EUR 2,99 (livraison)
D'occasion: Très bon | Détails
Vendu par worldofbooksfr
État: D'occasion: Très bon
Commentaire: The book has been read, but is in excellent condition. Pages are intact and not marred by notes or highlighting. The spine remains undamaged.
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir cette image

Penetration Tester's Open Source Toolkit (Anglais) Broché – 11 janvier 2006


Voir les formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
Broché
"Veuillez réessayer"
EUR 50,65 EUR 4,25

Il y a une édition plus récente de cet article:

Penetration Tester's Open Source Toolkit
EUR 57,85
Bientôt disponible.

Offres spéciales et liens associés


Descriptions du produit

Biographie de l'auteur

Jeremy Faircloth (Security+, CCNA, MCSE, MCP+I, A+) is a Senior Principal IT Technologist for Medtronic, Inc., where he and his team architect and maintain enterprise-wide client/server and Web-based technologies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge. As a systems engineer with over 19 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications and project management. Jeremy is also a contributing author to over a dozen technical books covering a variety of topics.



Détails sur le produit


En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre

(En savoir plus)
En découvrir plus
Concordance
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index
Rechercher dans ce livre:

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur Amazon.com (beta)

Amazon.com: 13 commentaires
28 internautes sur 30 ont trouvé ce commentaire utile 
Four stars if you don't have any other security assessment books 16 mars 2006
Par Richard Bejtlich - Publié sur Amazon.com
Format: Broché
I am not sure why Penetration Tester's Open Source Toolkit (PTOST) was published. If you have no other security assessment books, you may find PTOST helpful. Otherwise, I don't believe this book offers enough value to justify purchasing it. Other books -- some published by Syngress -- cover some of the same ideas, and 5 of PTOST's chapters are published in other books anyway.

I was somewhat confused by PTOST's approach. The book features the logo of the Auditor live CD, along with a foreword by Auditor developer Max Moser. A version of Auditor is included with the book. However, PTOST isn't exactly a guide to Auditor. In fact, only on the back cover do we see a listing of the "CD contents." This list is odd since it does not distinguish between categories of tools (e.g., "Forensics") and the tools themselves (e.g., "Autopsy"). At the very least the book should have included an appendix listing the Auditor tools and a summary of their purpose.

PTOST does not feature enough original content to warrant buying the book. I think Osborne's Hacking Exposed, 5th Ed (HE5E) (or even the 4th Ed) addresses the phases of compromise in a more coherent and valuable manner. This is especially true for Ch 1 (Reconnaissance) and Ch 2 (Enumeration and Scanning); is there really anything original left to say on those subjects? I admit that coverage of certain SensePost tools was helpful, and SpiderFoot was cool.

Those looking to learn about database assessment (Ch 3) or Web hacking (Ch 4) would be better served by Syngress' own Special Ops: Host and Network Security for Microsoft, Unix, and Oracle. HE5E has a good chapter on Web hacking, and there's even a Hacking Exposed: Web Applications (HEWA) book. (A second edition of HEWA arrives this year, as does Syngress' new Web Application Security: A Guide for Developers and Penetration Testers.) However, I did like hearing about OScanner, SQLAT, and OAT in Ch 3.

Ch 5 (Wireless Penetration Testing Using Auditor), was one of my favorite chapters. It covered the material well enough, and it covered tools included with Auditor. The case studies were also helpful. Ch 6 (Network Devices) resembled Chs 1 and 2; it didn't contain anything really new. I could not understand why Ch 7 (Writing Open Source Security Tools) appeared in a book more or less about using a penetration testing live CD. The audiences for those using live CDs and those writing their own tools seem very different.

I also liked Ch 8 (Running Nessus from Auditor). Like Ch 5, it looked at the unique problems one encounters using a live CD for security work. For example, author Johnny Long offers multiple ways to update the Nessus plugins to a USB drive. This is exactly the sort of knowledge not found in other Nessus books. He also takes a look behind the scenes of the Nessus startup script on Auditor. Bravo.

I stopped reading PTOST after Ch 8. Why? Chs 9, 12, and 13 are published in Syngress' Writing Security Tools and Exploits (as Chs 9, 10, and 11). Chs 10 and 11 from PTOST are the same as Chs 3 and 4 from Syngress' Nessus, Snort, and Ethereal Power Tools. This tendency to reprint chapters from other books is worrisome.

I believe a second edition of PTOST would be more helpful if it focused strictly on tools found on a future assessment live CD, namely BackTrack. (BackTrack is a new live CD uniting the Auditor and Whax projects.) In fact, the authors might consider taking a case-based approach for the whole book. I thought the case studies in PTOST were some of the best material. For those looking for a comprehensive guide to security assessment, I recommend waiting for a second edition of Special Ops. Those who want a wide-ranging guide to security tools will like the recently published third edition of Osborne's Anti-Hacker Toolkit.
6 internautes sur 7 ont trouvé ce commentaire utile 
Good introduction to tools you might not have used before 23 février 2006
Par Kyle Maxwell - Publié sur Amazon.com
Format: Broché Achat vérifié
The Penetration Tester's Open Source Toolkit is a new offering from Syngress that primarily focuses on using the Auditor live CD. The 200605-02-ipw2100 version comes included with the book; if you have an IPW2200 wireless interface in your laptop, though, the 802.11x tools won't work as it doesn't include the proper driver.

The book walks through using a number of Open Source or free tools for overall reconnaissance, enumeration, and scanning (most of which everyone's seen before), but then it delves into database, web application, and wireless testing as well as network devices. There's a chapter on "Writing Open Source Security Tools", but it's a little misleading as it's a quick guide to writing security tools without any real discussion of open source development or what it means other than an appendix that briefly includes and talks about the GPL and why it's good.

There are four chapters on Nessus, most of which focus on using NASL and other ways of extending the venerable vulnerability scanner. The final two chapters discuss the Metasploit Project; the first of these is also misleading as it's not so much about "Extending Metasploit" as it is an (admittedly good) introduction to the Framework. The second does a decent walkthrough of developing an exploit with Metasploit, including other offerings from the project like the Opcode Database and such.

It's a very useful book; much of it you'll already know, but there's a lot of discussion about tools that I hadn't seen before. A few of the tools are mostly out-dated, and not all of them are on the Auditor CD, but this goes beyond simple discussions of nmap and whois; even some Google tools from Sensepost are examined. The database chapter features a lot of great information about Oracle but is cursory in its discussion of SQL Server (though I'll be reviewing another book focusing on database testing in the near future). The other topic areas receive decent coverage, if somewhat fast-paced from time to time.

I'm not an expert in NASL, so all I can say about the Nessus chapters is that they appear fairly in-depth and should be useful to me in the future; if you don't know much about scripting for Nessus, at a minimum they'll be a good introduction. The Metasploit Framework was something I'd never used before, but with the help of this book and a few other resources on the Net, it's immediately become a staple in my toolbox along with venerable testing resources like nmap and Nessus - the software is that good, and the text here is clear enough that you should be able to get started with it right away.

Overall, I'm pretty pleased with this book, but it's not as in-depth as I had expected when it arrived. Even though the book is 678 pages long, not including the GPL or the index, the type face is fairly large and there are a lot of examples and sidebars. I'd like a little wider margins and a little smaller point size so that I could make better notes. There are a number of typos, few of which have any technical signifance (those that do are mostly incorrect acronym explications). The technical level feels just right to me for a mid-level security consultant: this is deeper than Hacking Exposed but it's not quite as technical as Hacking: The Art of Exploitation. It won't hold your hand, but you don't need to understand assembly and the intricacies of buffer overflows for all but a few portions of the book (it would be a good idea for you to learn them, though!) Also note that the book focuses on vulnerability assessment; further exploitation of a compromised system is not really discussed. That is, tools and techniques to demonstrate vulnerabilities are shown, but once you're in, you're on your own.

I'd recommend this to anyone involved in vulnerability assessment or penetration testing, whether as a consultant, system administrator, security engineer, etc., if for no other reason than it may introduce you to some tools you haven't seen before.
16 internautes sur 23 ont trouvé ce commentaire utile 
Save your money and wait for an improved edition. 5 janvier 2006
Par The White Rabbit - Publié sur Amazon.com
Format: Broché
What a disappointment.

Although this book tries to be a comprehensive source of information on pen-testing, it's so riddled with technical errors as to be useless on its own.

Experienced x86 Assembly programmers will surely enjoy the discussion of buffer overflows, where the author reveals that a POP instruction is actually an acronym for 'Point of Presence' (among other gems).

Overall, I'd say that 10% of the info is usable, and the remainder is suspect.

Definitely wasn't worth the wait or the $$. Future editions might end up being worthwhile if they do some severe editing, otherwise there are many other far more useful books available on this topic.
3 internautes sur 4 ont trouvé ce commentaire utile 
great intro on how to use many tools used for pen-testing 17 janvier 2006
Par Joseph P. Bowling - Publié sur Amazon.com
Format: Broché
I found this book to be a great way to learn how to use many of the tools used in vulnerability assements/pen-testing as well as some methodology. In particular i found the chapters 1 and 2 on recon/scanning to be preatty through (150 pages to the topic). Alot of the ideas covered in these tow chapters can be read elsewhere but not to this level of complete throughness. The book goes preatty deep into not just using Nessus but how to use NASL. It also covers at an "intro-level" on testing databases (MSSQL, Oracle), Web apps, and starting to code in Perl and C#. Outside of that the rest of the book is mainly devoted to using tools with lots of screenshots which i found helpful.

My personal favorite chapter was 13. It is a very well done discussion of how buffer overflows are exploited and how to build exploits and payloads using the Metaspolit framework. The topic can be very complex yet the author managed to make it very readable. I was so impressed i decided that i will read another book by the author (James Foster) on the topic.

Overall i found this book is great for folks who already have an idea in mind what they want to accomplish. This book just tells you how to use the right tool for the job.
Good review of currently available software 25 septembre 2006
Par Harold McFarland - Publié sur Amazon.com
Format: Broché
Title: Penetration Tester's Open Source Toolkit

Author: Johnny Long, Aaron Bayles, James Foster, Chris Hurley, Mike Petruzzi Noam Rathaus, Mark Wolfgang

Publisher: Syngress Publishing, Inc.

800 Hingham Street

Rockland, MA 02370

Copyright: 2006

ISBN: 1597490210

Pages: 678 plus appendix and index

This book not only covers what tools are available for penetration testing but also details how to use them to effectively test the system. Some of the tools, such as whois and ping, will be very familiar to the Linux user and most power users of other operating systems. Other tools are less familiar but very powerful and a real insight into what can be done to gather information on a system before attempting to penetrate it. Part of what makes this book really interesting is the way the authors approach this subject. They don't walk the reader through all the details of a handful of tools but instead they take a task-oriented approach. For example they go first through enumerating and scanning a system, then testing databases, web server testing, web application testing, wireless penetration and network devices. They then end this section with information about writing open source security tools. Chapter 8 starts a section on the Open Source vulnerability scanner Nessus. It automatically finds many problems in the system by trying to penetrate it using various scripts. The results are captured and the generated reports detail the information it was able to obtain. This is a very powerful testing product and one of the most common ones you will find in the marketplace.

The authors detail how to set up a Nessus client and server, scan the system and understand the results. Although almost three hundred pages are dedicated to Nessus it is a very powerful and highly configurable program that can consume a full book by itself to use its full potential. Penetration Tester's Open Source Toolkit is highly recommended, insightful, and very interesting to read and experiment with.
Ces commentaires ont-ils été utiles ? Dites-le-nous


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?