Читать книгу Penetration Testing For Dummies - Robert Shimonski - Страница 3

1  Cover

2  Introduction About This Book Foolish Assumptions Icons Used in This Book What You’re Not to Read Where to Go from Here

3  Part 1: Getting Started with Pen Testing Chapter 1: Understanding the Role Pen Testers Play in Security Looking at Pen Testing Roles Getting Certified Gaining the Basic Skills to Pen Test Introducing Cybercrime What You Need to Get Started Deciding How and When to Pen Test Taking Your First Steps Chapter 2: An Overview Look at Pen Testing The Goals of Pen Testing Scanning Maintenance Hacker Agenda Doing Active Reconnaissance: How Hackers Gather Intelligence Chapter 3: Gathering Your Tools Considerations for Your Toolkit Nessus Wireshark Kali Linux Nmap

4  Part 2: Understanding the Different Types of Pen Testing Chapter 4: Penetrate and Exploit Understanding Vectors and the Art of Hacking Examining Types of Penetration Attacks Cryptology and Encryption Using Metasploit Framework and Pro Chapter 5: Assumption (Man in the Middle) Toolkit Fundamentals Listening In to Collect Data Chapter 6: Overwhelm and Disrupt (DoS/DDoS) Toolkit Fundamentals Understanding Denial of Service (DoS) Attacks Buffer Overflow Attacks Fragmentation Attacks Smurf Attacks Tiny Packet Attacks Xmas Tree Attacks Chapter 7: Destroy (Malware) Toolkit Fundamentals Malware Ransomware Other Types of Destroy Attacks Chapter 8: Subvert (Controls Bypass) Toolkit Fundamentals Attack Vectors Phishing Spoofing Malware

5  Part 3: Diving In: Preparations and Testing Chapter 9: Preparing for the Pen Test Handling the Preliminary Logistics Gathering Requirements Coming Up with a Plan Having a Backout Plan Chapter 10: Conducting a Penetration Test Attack! Looking at the Pen Test from Inside Documenting Your Every Move Other Capture Methods and Vectors Assessment Prevention

6  Part 4: Creating a Pen Test Report Chapter 11: Reporting Structuring the Pen Test Report Creating a Professional and Accurate Report Delivering the Report: Report Out Fundamentals Updating the Risk Register Chapter 12: Making Recommendations Understanding Why Recommendations Are Necessary Seeing How Assessments Fit into Recommendations Networks Systems General Security Recommendations: All Systems More Recommendations Chapter 13: Retesting Looking at the Benefits of Retesting Understanding the Reiterative Nature of Pen Testing and Retesting Determining When to Retest Choosing What to Retest Running a Pen Retest

7  Part 5: The Part of Tens Chapter 14: Top Ten Myths About Pen Testing All Forms of Ethical Hacking Are the Same We Can’t Afford a Pen Tester We Can’t Trust a Pen Tester We Don’t Trust the Tools Pen Tests Are Not Done Often Pen Tests Are Only for Technical Systems Contractors Can’t Make Great Pen Testers Pen Test Tool Kits Must Be Standardized Pen Testing Itself Is a Myth and Unneeded Pen Testers Know Enough and Don’t Need to Continue to Learn Chapter 15: Ten Tips to Refine Your Pen Testing Skills Continue Your Education Build Your Toolkit Think outside the Box Think Like a Hacker Get Involved Use a Lab Stay Informed Stay Ahead of New Technologies Build Your Reputation Learn about Physical Security Chapter 16: Ten Sites to Learn More About Pen Testing SANS Institute GIAC Certifications Software Engineering Institute (Assorted) Legal Penetration Sites Open Web Application Security Project Tenable Nmap Wireshark Dark Reading Offensive Security

8  Index

9  About the Author

10  Advertisement Page

11  Connect with Dummies

12  End User License Agreement