Building Virtual Pentesting Labs for Advanced Penetration Testing (Anglais) Broché – 20 juin 2014
|Neuf à partir de||Occasion à partir de|
- Choisissez parmi 17 000 points de collecte en France
- Les membres du programme Amazon Premium bénéficient de livraison gratuites illimitées
- Trouvez votre point de collecte et ajoutez-le à votre carnet d’adresses
- Sélectionnez cette adresse lors de votre commande
Les clients ayant acheté cet article ont également acheté
Descriptions du produit
Présentation de l'éditeur
About This Book
- Build and enhance your existing pentesting methods and skills
- Get a solid methodology and approach to testing
- Step-by-step tutorial helping you build complex virtual architecture
Who This Book Is For
If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pentesting labs in varying industry scenarios, this is the book for you. This book is ideal if you want to build and enhance your existing pentesting methods and skills. Basic knowledge of network security features is expected along with web application testing experience.
What You Will Learn
- Build routers, firewalls, and web servers to hone your pentesting skills
- Deploy and then find the weaknesses in a firewall architecture
- Construct a layered architecture and perform a systematic process and methodology to use for conducting an external test
- Get introduced to several of the different security testing methodologies
- Design monitored environments and evade them
- Create complex architecture
- Bypass antivirus and other protection
- Practice methods of evasion against today's top defenses
- Leverage the client configuration
A penetration test, also known as pentest, is a method of assessing computer and network security by replicating an attack on a computer system or network from the outside world and internal threats. With the increase of advanced hackers and threats to our virtual world, pentesting is an absolute necessity.
Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you how to build your own labs and give you a proven process to test these labs; a process that is currently used in industry by global pentesting teams. You will also learn a systematic approach to professional security testing, building routers, firewalls, and web servers to hone your pentesting skills.
Biographie de l'auteur
Kevin Cardwell currently works as a freelance consultant and provides consulting services for companies all over the world. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman and developed the team to man the first Commercial Security Operations Center there. He has worked extensively with banks and financial institutions throughout the Middle East, Africa, Europe, and the UK. He currently provides consultancy services to commercial companies, governments, major banks, and financial institutions across the globe. He is the author of the book Backtrack – Testing Wireless Network Security, Packt Publishing.
Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.
Pour obtenir l'appli gratuite, saisissez votre numéro de téléphone mobile.
Détails sur le produit
Commentaires en ligne
Commentaires client les plus utiles sur Amazon.com (beta)
The book reviews what security testing is (I totally agree with the author's statement) and how to develop it (ch.1). A few common standard pentesting methodologies, including OSSTMM and NIST (ch.5), are also discussed with enough detail to understand how to approach the building of a virtual pentesting lab.
The author deals with virtual software products available, from no cost solutions (open source and free) to commercial ones. He also discusses image conversion, even physical-2-virtual, making the chapter 2 the most complete up-to-date description of virtualization types and products available.
How to define our virtual lab components and connections, and design it accordingly is masterfully approached (ch.3&4). It provides helpful links to resourceful sites, and develops a base architecture that is then extended as we further advance though the rest of the book. All along the book, the author provides shares his experience with many hints, which is so great!
From chapter 6 to 8, networking is extensively reviewed and different ways to introduce several network components to our virtual architecture are presented (including firewalls and IDS). Those chapters again are excellent as the aim of the book is to build a virtual lab similar to a real-world environment we could find during a pentest.
Web servers, web applications and web application firewalls (WAF) are also discussed in the book. But remember it's not a book about how-to-pentesting, so do not expect long descriptions of web attacks (you should already know how to pentest a web app, shouldn't you?). The good news are that instructions on how to deploy (and test with nmap and wafw00f) WAF in your lab are given, so you can have a better understanding on how to approach real scenarios.
Next three chapters review vuln scanning, host protection, server attacking and client-side vectors. Though they are not covered in detail (that's not a how-to-pentest book), it's good to read the experienced author's point-of-view.
The final chapter puts all above components together. Being the goal of building such a virtual pentesting lab to practice our skills, I feel the book covers building the lab so masterfully, and reveals some hints in attacking it, so the author accomplishes the book's title.
Experienced guidance, clear descriptions, plenty of hints. A must read for security and security-concerned professionals. Thanks Mr.Cardwell for such a great book and inspiration!
Publisher Link: http://bit.ly/1p9Wgtl
I really appreciate the use of Open Source Software, I've read quite a few pentesting books and this book goes right to the top of the list. Setting up the environments can be challenging at first, but I'd recommend building a few ISO images of the entire workbench you create so you can recover and damage it as many times as you like. Metasploit was probably one of my favorite exploitation software packages, building the payload is pretty cool but once you learn what the meanings of everything are, you get a false sense of security and then realize just how insecure you're information (data) is.
The range of attacks in this book are pretty good, and each is covered even though I'd love to have an entire book on each of the topics this book did a wonderful job of covering each topic. One of the most important things you'll take away from this book is not only what types of attacks exists, but how to avoid them and "UPDATE your system often." I appreciate how everything is categorized and laid out in an easily digestible format. I highly recommend this book if you're wanting to learn about security in the IT world, even if you're a home user it's important to protect your family from cyber crimes and attacks. This book delivered!