HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 48 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Featuresarrow Book Reviewsarrow [Article]-Book Review: Professional Penetration Testing
EH-Net
May 22, 2013, 05:46:40 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1] 2   Go Down
« previous next »
  Print  
Author Topic: [Article]-Book Review: Professional Penetration Testing  (Read 26607 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« on: September 25, 2009, 03:11:59 PM »
Here's another grand experiemnt. Ask a member who is actively involved in a discussion on a new book to continue that debate with a review of the book itself. IMHO, it turned out quite well. We may just have to try it again. Thanks Andrew.

Permanent link: [Article]-Book Review: Professional Penetration Testing

Quote

EH-Net Exclusive - Free Download of Chapter 4: Setting Up Your Lab 

Review by Andrew Waite, EH-Net Member, InfoSanity.co.uk

When I first heard about Thomas Wilhelm's new book in my Twitter feed, the title immediately caught my attention, 'Professional Penetration Testing: Creating and Operating a Formal Hacking Lab.' As I'm currently trying to build up my own training and testing environment, this tome promised to provide answers to all my questions. A quick Google search to learn more and a useful discussion right here in the EH-Net Forums left me surprised that the release of the book had managed to slip underneath my radar. So when offered a chance to get my hands on the material and provide a review for those that had similarly managed to miss the release, I jumped at the chance.

The unique selling point of this resource over potential alternatives if best highlighted by the author's own foreword, “This book is a divergence from most books as it discusses professional penetration testing from conception to completion. Rather than focusing solely on information system vulnerability identification and exploitation, by the end of this book we will have examined all aspects of a professional penetration test, including project management, organizational structures, team building, career development, metrics, reporting, test-data archival methods, risk management, and training...in addition to... information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, maintaining access, and covering our tracks.”
         
OK... now I'm totally hooked. Let's see if Mr. Wilhelm can reel me in.


Let us know what you think of the review and also your thoughts on the book itself.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #1 on: September 25, 2009, 05:49:15 PM »
BTW - Thomas Wilhelm will be on PaulDotCom tonight:

http://www.pauldotcom.com/wiki/index.php/Episode169

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #2 on: September 25, 2009, 11:30:44 PM »
Very nice!  I may have to pick up a copy of the book, although I am very behind in my reading.
Logged
~~~~~~~~~~~~~~
Ketchup
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« Reply #3 on: September 26, 2009, 05:57:38 AM »
Great review Andrew. Will have to add this one to my 'to buy' list.  Smiley
Logged
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #4 on: September 26, 2009, 07:46:57 AM »
Hope you all like the review.

This is my first book review, feedback (good & bad) would be appreciated.
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
rvs
Jr. Member
**
Offline Offline

Posts: 94


View Profile
« Reply #5 on: September 26, 2009, 07:06:02 PM »
guys, where is chapter 4 free download Huh :p
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #6 on: September 26, 2009, 07:55:04 PM »
Click on the permanent link to the review article, and you can't miss it.  Shocked

Our little way of getting people to at least look at the review. Small price to pay for the free chapter.  Wink

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
UNIX
Hero Member
*****
Offline Offline

Posts: 1235


View Profile
« Reply #7 on: September 27, 2009, 02:38:54 PM »
Thanks for the review. Will probably order a copy of it as well.
Logged
dalepearson
Sr. Member
****
Offline Offline

Posts: 357


View Profile WWW
« Reply #8 on: September 28, 2009, 04:02:08 AM »
Andrew nice review and thanks for taking the time.
I guess what I am wondering, and not sure if its clear from the review is the following: Alot of the content you mention is available on the interubes, opensource goodness. Granted the book pulls it together but it is worth it for the security professional? I am kinda thinking not?

I guess as you hint to, this book is for someone new coming to the field.

Good review, not sure if I will be buying (perhaps I can borrow your copy, lol)
Logged
:: Subliminal Hacking :: / :: Security Active Blog ::
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #9 on: September 28, 2009, 04:42:01 AM »
Good question, and one I was hoping wouldn't be asked.

I think the book could easily become the de-facto standard for those entering the field and wantin to get their hands dirty. Not only does it do a good job of explaining the basics, the courseware videos help drive the topics home and the focus of a hands on approach with exercises in a virtual lab will help anyone get hands experience with the tools.

But as you state, most of the tools and resources are freely available, with some good levels of documentation and tutorials available. On a technical side you may be able to cover all the material without additional expense, but if you learn like me you'll be able to pick the material up quicker and with more focus with a good resource to help guide you. You need to weigh up the cost of the book against the value of the additional time you may need to go it alone.

The project management and professional aspect (IMHO) is what really helps the book stand out from the crowd. Depending what you want out of the material the book could be useful to professionals at any stage providing you have a good understanding of what the book is and isn't. False (self perpetuated) expectations are what lead to my initial disappointment, hopefully the review will help avoid others having the same experience.

Bottom line though, I think the book is a good addition to my bookcase.
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
jason
Hero Member
*****
Offline Offline

Posts: 1012



View Profile WWW
« Reply #10 on: October 12, 2009, 10:48:10 AM »
Cool to see this getting some attention. Thom is in my local ISSA chapter Smiley
Logged
timmedin
Sr. Member
****
Offline Offline

Posts: 469



View Profile WWW
« Reply #11 on: October 14, 2009, 10:36:10 PM »
Quote from: don on September 25, 2009, 05:49:15 PM
BTW - Thomas Wilhelm will be on PaulDotCom tonight:

http://www.pauldotcom.com/wiki/index.php/Episode169

Don

The book didn't sound that interesting but the interview on PaulDotCom really piqued my interest. I've got it on my to-buy list.

Don, can you provide a link to Amazon or wherever that will give affiliate credit to EH.net?
Logged
twitter.com/timmedin | http://blog.securitywhole.com
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #12 on: October 15, 2009, 10:06:46 AM »
Sure thing. Use THIS LINK.

BTW - All book reviews have that picture of the book with the price, author, etc. It is linked to my affiliate account, so click away. And thanks for asking. Every little bit helps. Now if we could just get everyone to also use the other links for things like SANS training & CBT Nuggets.  Wink

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #13 on: October 22, 2009, 06:01:08 PM »
Quote from: dalepearson on September 28, 2009, 04:02:08 AM
Andrew nice review and thanks for taking the time.
I guess what I am wondering, and not sure if its clear from the review is the following: Alot of the content you mention is available on the interubes, opensource goodness. Granted the book pulls it together but it is worth it for the security professional? I am kinda thinking not?

I guess as you hint to, this book is for someone new coming to the field.

Good review, not sure if I will be buying (perhaps I can borrow your copy, lol)
What training program out there doesn't include lots of open source  tools,etc... that you find easily on the net?  Its really about how the material is presented and made accessible to those new to the subject.  Good job on the review and thanks for the effort.
Logged
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« Reply #14 on: October 22, 2009, 10:12:43 PM »
It's a good book, it help you to see the penetration testing from the business perspective like the project manager and from the penentration tester. I like one part when said about how the engineer conentrate to much in one part that forget that he has limited time to complete the job, jajajaja. Remember, most of the time the charge by time.
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
Pages: [1] 2   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.089 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.