[Article]-Book Review: Coding for Penetration Testers

[don]

Here's a look into a book by 2 long-time friends & now both of them are EH-Net Columnists. How lucky am I?

The guy doing the review ain't no slouch either!

Let us know what you think of the reviews, the book itself if you've read it and any of the participants in this book review.

Permanent link:[Article]-Book Review: Coding for Penetration Testers

Review by Andrew Johnson CISSP, GPEN, eCPPT, OSWP et al

With a title as ambitious as Coding for Penetration Testers, it's important to set expectations properly at the onset. In this context, coding is synonymous with scripting, and the content primarily focuses on Bash Scripting, Python, PERL, Ruby, PHP, SQL, PowerShell, and scripting related to various scanners such as Nmap and Nessus. Compiled languages such as Assembly, Java, and the C variants are not within the content’s scope.

This Syngress published book by EH-Net Columnists Jason Andress and Ryan Linn strives to remove the mystery surrounding the development of security tools and scripts by presenting dozens of easy-to-follow examples. The ultimate goal is to alleviate the reliance on pre-built security tools and create more versatile and effective penetration testers. With this resource, readers will gain the knowledge to start such a journey that will likely have numerous, “That’s all there is to it!?” epiphanies as they progress through the book.

Don

[jason]

Thanks to Andrew and Don for the great review. Doing a coding book was a first for Ryan and I and it's definitely a different sort of animal. I really hope you all enjoy it and find it useful.

We're aware of the case problems in some of the code and there are definitely a couple places where this causes issues. These were introduced at the last minute by the person formatting the book (grrrrr). I'll get with Ryan and see if we can cook up an errata doc and get it online.

For anyone here that wants a soft copy of the code, let me know and we'll get a package put together and send it out. I'll put that up online also, but folks here will get the first crack at it.   

[chrisj]

I've still got to read that. I'm a little disappointed there was no C/C++ or Assembler primer. Since I need help on those for the ElearnSec class. But still happy I have a copy. Maybe I'll get to read it soon, like around October.

[apollo]

I've still got to read that. I'm a little disappointed there was no C/C++ or Assembler primer. Since I need help on those for the ElearnSec class. But still happy I have a copy. Maybe I'll get to read it soon, like around October.

What sort of things would you like to see with c/c++/asm ?  I'm pretty sure we can build a whole 'nother book out of that.  The only things that I've been using c/c++ for lately are for network tools that require serious speed (ettercap/skipfish).  For asm, I can see some of that for exploit dev and for some minor speed enhancements, but would be curious how deep for something like that you'd like to see.  Assembly is one that we'd have to really have targeted, as what you want to do with it is kind of important.  Especially if it's exploit dev, there would have to be coverage of ROP and some of the other more complex aspects. 

Hopefully when you get some time you can give the scripting a go, and let us know if theres other stuff that people would like to see in there.

Thanks,
Ryan

[sil]

What sort of things would you like to see with c/c++/asm ?  I'm pretty sure we can build a whole 'nother book out of that.  The only things that I've been using c/c++ for lately are for network tools that require serious speed (ettercap/skipfish). 

Skipfish is a brute if I ever saw one. As for the book, haven't read it yet so I can't comment but judging from the review, I may pick it up some time. Now as for what I would want to see in these types of books, differs from what many would want to see.

Assembly as a whole is a huge monster to cover let alone getting into the dissection, disassembly and debugging of it. I would want a book that goes more in depth on the frameworking of exploitation. Not: "look at the cool NOP sledding!" Something that blankets protections (ASLR/DEP/SEH/etc) which again, would likely be three books.

Have you guys thought about doing something like an interactive eBook online? Think about that. Chapter based book, where via subscription, one learns and performs samples via the web. Perhaps with audio/video walkthroughs. Would be akin to a challenge in the sense that in order for someone to get to the next chapter, they'd have to finish and fully understand the chapter they're on. You could price it the cost of a book for 6mos of access while the reader not only goes through walkthroughs, but can watch a video/hear an audio description of what you're talking about. Something like this has not been done from all I have seen. Would be cool for ADHD/ADD driven security slackers such as myself.

[jason]

Interesting idea sil. I'll have to cogitate on that...

[Cyber.spirit]

Thanks its interesting i put it to my books list