EH-Net

Title: [Article]-Book Review: Professional Penetration Testing
Post by: don on September 25, 2009, 03:11:59 PM
Here's another grand experiment. Ask a member who is actively involved in a discussion on a new book to continue that debate with a review of the book itself. IMHO, it turned out quite well. We may just have to try it again. Thanks Andrew.

Permanent link: [Article]-Book Review: Professional Penetration Testing (http://www.ethicalhacker.net/content/view/277/2/)

Quote

EH-Net Exclusive - Free Download of Chapter 4: Setting Up Your Lab 

Review by Andrew Waite, EH-Net Member, InfoSanity.co.uk (http://www.infosanity.co.uk/)

When I first heard about Thomas Wilhelm's new book in my Twitter feed, the title immediately caught my attention, 'Professional Penetration Testing: Creating and Operating a Formal Hacking Lab (http://www.amazon.com/dp/1597494259?tag=thedigitalcon-20&camp=14573&creative=327641&linkCode=as1&creativeASIN=1597494259&adid=0146GHM3FER1CFNJHBXA&).' As I'm currently trying to build up my own training and testing environment, this tome promised to provide answers to all my questions. A quick Google search to learn more and a useful discussion right here in the EH-Net Forums (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4514.0/) left me surprised that the release of the book had managed to slip underneath my radar. So when offered a chance to get my hands on the material and provide a review for those that had similarly managed to miss the release, I jumped at the chance.

The unique selling point of this resource over potential alternatives is best highlighted by the author's own foreword, “This book is a divergence from most books as it discusses professional penetration testing from conception to completion. Rather than focusing solely on information system vulnerability identification and exploitation, by the end of this book we will have examined all aspects of a professional penetration test, including project management, organizational structures, team building, career development, metrics, reporting, test-data archival methods, risk management, and training...in addition to... information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, maintaining access, and covering our tracks.”

OK... now I'm totally hooked. Let's see if Mr. Wilhelm can reel me in.


Let us know what you think of the review and also your thoughts on the book itself.

Don


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: don on September 25, 2009, 05:49:15 PM
BTW - Thomas Wilhelm will be on PaulDotCom tonight:

http://www.pauldotcom.com/wiki/index.php/Episode169

Don


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: Ketchup on September 25, 2009, 11:30:44 PM
Very nice!  I may have to pick up a copy of the book, although I am very behind in my reading.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: ethicalhack3r on September 26, 2009, 05:57:38 AM
Great review Andrew. Will have to add this one to my 'to buy' list.  :)


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: Andrew Waite on September 26, 2009, 07:46:57 AM
Hope you all like the review.

This is my first book review, feedback (good & bad) would be appreciated.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: rvs on September 26, 2009, 07:06:02 PM
guys, where is chapter 4 free download ??? :p


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: don on September 26, 2009, 07:55:04 PM
Click on the permanent link to the review article, and you can't miss it.  :o

Our little way of getting people to at least look at the review. Small price to pay for the free chapter.  ;)

Don


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: UNIX on September 27, 2009, 02:38:54 PM
Thanks for the review. Will probably order a copy of it as well.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: dalepearson on September 28, 2009, 04:02:08 AM
Andrew, nice review and thanks for taking the time.
I guess what I am wondering, and not sure if it's clear from the review is the following: A lot of the content you mention is available on the interubes, opensource goodness. Granted the book pulls it together but it is worth it for the security professional? I am kinda thinking not?

I guess as you hint to, this book is for someone new coming to the field.

Good review, not sure if I will be buying (perhaps I can borrow your copy, lol)


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: Andrew Waite on September 28, 2009, 04:42:01 AM
Good question, and one I was hoping wouldn't be asked.

I think the book could easily become the de-facto standard for those entering the field and wanting to get their hands dirty. Not only does it do a good job of explaining the basics, the courseware videos help drive the topics home and the focus of a hands-on approach with exercises in a virtual lab will help anyone get hands-on experience with the tools.

But as you state, most of the tools and resources are freely available, with some good levels of documentation and tutorials available. On a technical side you may be able to cover all the material without additional expense, but if you learn like me you'll be able to pick the material up quicker and with more focus with a good resource to help guide you. You need to weigh up the cost of the book against the value of the additional time you may need to go it alone.

The project management and professional aspect (IMHO) is what really helps the book stand out from the crowd. Depending what you want out of the material the book could be useful to professionals at any stage providing you have a good understanding of what the book is and isn't. False (self-perpetuated) expectations are what led to my initial disappointment, hopefully the review will help avoid others having the same experience.

Bottom line though, I think the book is a good addition to my bookcase.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: jason on October 12, 2009, 10:48:10 AM
Cool to see this getting some attention. Thom is in my local ISSA chapter :)


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: timmedin on October 14, 2009, 10:36:10 PM
Quote from: don
BTW - Thomas Wilhelm will be on PaulDotCom tonight:

http://www.pauldotcom.com/wiki/index.php/Episode169

Don

The book didn't sound that interesting but the interview on PaulDotCom really piqued my interest. I've got it on my to-buy list.

Don, can you provide a link to Amazon or wherever that will give affiliate credit to EH.net?


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: don on October 15, 2009, 10:06:46 AM
Sure thing. Use THIS LINK (http://www.amazon.com/dp/1597494259?tag=thedigitalcon-20&camp=14573&creative=327641&linkCode=as1&creativeASIN=1597494259&adid=15GT71TAS05KDZE9DWW8&).

BTW - All book reviews have that picture of the book with the price, author, etc. It is linked to my affiliate account, so click away. And thanks for asking. Every little bit helps. Now if we could just get everyone to also use the other links for things like SANS training & CBT Nuggets.  ;)

Don


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: Kev on October 22, 2009, 06:01:08 PM
Quote from: dalepearson
Andrew, nice review and thanks for taking the time.
I guess what I am wondering, and not sure if it's clear from the review is the following: A lot of the content you mention is available on the interubes, opensource goodness. Granted the book pulls it together but it is worth it for the security professional? I am kinda thinking not?

I guess as you hint to, this book is for someone new coming to the field.

Good review, not sure if I will be buying (perhaps I can borrow your copy, lol)

What training program out there doesn't include lots of open source tools, etc... that you find easily on the net? It's really about how the material is presented and made accessible to those new to the subject. Good job on the review and thanks for the effort.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: impelse on October 22, 2009, 10:12:43 PM
It's a good book, it helps you to see the penetration testing from the business perspective like the project manager and from the penetration tester. I like one part where it said how the engineer concentrates too much on one part and forgets that he has limited time to complete the job, jajajaja. Remember, most of the time they charge by time.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: kennut on January 15, 2010, 08:35:10 AM
Bought this book last month, now I'm on chapter 4. Haven't played with the DVD that comes with it, but the whole book is interesting to read.  ;D


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: impelse on January 15, 2010, 08:51:08 AM
It's a good book, the DVD has two trainings, they are great.


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: don on February 09, 2010, 11:29:31 AM
Submitted to Digg:

http://digg.com/security/Book_Review_Professional_Penetration_Testing

Don


Title: Re: [Article]-Book Review: Professional Penetration Testing
Post by: hayabusa on February 09, 2010, 12:02:48 PM
Yeah I got my copy, and am enjoying it, as well.  Haven't finished... (darn work time gets in the way...   :P ) But Thomas wrote a good one, from what I've read so far!