I have been looking for a book to offer a general framework and pathway for identifying the basic fundamentals of pen testing. Admittedly, the length of the book (180 pages) made me question whether it would be possible to condense the material in a concise enough way to provide optimal value, or if it would prove to be skimming material that was a waste of money and time. I am overly satisfied with the book as it thoroughly explains the foundations of pen testing in a very enjoyable format. The author spent adequate time on all of the chapters, and reminds the reader to be sure to spend time on each of the topics in order to gain a true understanding of the topic. The tools mentioned in the book are vendor agnostic and should be a part of any pen testers arsenal. The SDLC of the pen test framework in this book is broken into four steps: Reconnaissance, Scanning Exploitation, & Maintaining Access. The author breaks down each phase with an explanation as to the importance of each phase, as well as specific tools and examples to use during each phase. He does a good job of emphasizing that penetration testing is more than just exploitation and using automated, script kiddie techniques. He accentuates that the recon & scanning phases provide great value to a pen tester breaking into the industry, explaining that good pen testers do more than push buttons in a pre-built tool. Though constantly overlooked, the final chapter focuses on the importance of customer service and reporting structures. A solid outline is given on how to identify customer needs and explain the remedy for their current findings. I am giving this title a 5-5 stars as it delivers exactly what is expected from the title.

I think the (short) length of it really made it accommodating as well as covering topics in just the right level of depth for a "back to basics" approach.

I'm reading through it right now. Splitting my time between it and  2 others. I'm still in the information gathering section and keep thinking how useless this is for what I bought it for. Just that section. Not the book as a whole.

I bought it to get a better idea of what kinds of attacks to use in a CTF, and things to look for. As for the info gathering section, I like the one in Hacking the Next Generation more. But for what the book is supposed to be (to get your feet wet), the section is ok.

I'm also not above admitting that I pulled the book out the other day to help a buddy. we were looking for a contact number for the hosting provider (Dream Host). While the book itself wasn't useful in that, it did give me an idea to do something that helped some. I found a large list of email and contact numbers.

I agree with the good reviews of this book. As a rookie to this security / pentesting game, it was a good book to point me in multiple new directions to expand my knowledge on my own. It was just enough to explain what it's all about without overloading on how. It's a good starting point.