Book Review: Hacking for Dummies 3rd Ed

| April 1, 2010

Review by Chris Jenks

Hacking for Dummies, an introduction to ethical hacking, is accessible enough for anyone first stepping into the field, but it also carries tricks, tips and real-world experiences that even a veteran penetration tester will find enlightening.

The book is considered a good introduction to the world of ethical hacking. Like all "for Dummies" books, the subject matter is explained in plain English instead of being filled with jargon and buzzwords. That doesn't mean a reader can walk in cold and learn to be an ethical hacker (a hacker who hacks with the prior written permission of the owner of the systems). To get a deeper understanding, the reader has to have a basic grasp of networking, system administration, and applications. The reader doesn't need to be an expert, but really should have a firm grip on the basic concepts.

The current version of Hacking for Dummies is divided into 7 parts. If the reader is familiar with the subject, the book doesn't need to be read in order and can be used mostly as a reference. However, if the reader is new to information security, the best approach is to read it in the order the book is laid out. Each chapter has a tendency either to refer back to something that was covered before, or to refer forward to something covered in more detail later.


After finishing Hacking for Dummies, I did feel like Mr. Beaver accomplished his goal of giving a foundation for ethical hacking. There were parts that felt slightly rushed or glossed over at times, but at 408 pages, the page count would have had to be tripled to cover everything in great depth. One of the beneficial things in the book was his tendency to give pointers to where to get more information.

I think the strengths of the book include the following. It delivers what it promises: that is, it gives the reader a base understanding to start in ethical hacking. The book doesn't claim to make you a superstar penetration tester overnight. It points out that your job is to find the problems, confirm that they are problems, and then offer some pointers on how to fix them. Several times Mr. Beaver reminds the reader that, even though you're told how to exploit the problems you find, exploitation is not the goal.

Another strength is that Hacking for Dummies is mostly about theory and giving the reader exposure to the tools of the trade. It's up to the readers to continue practicing to gain skills in the field, if they so choose. Not all the software worked as advertised. There were times when things wouldn't work, and time had to be spent researching why. While it took time away from reading the book, it helped to hone research abilities, and caused what was learned to stick in the mind more. For example, I couldn't get John the Ripper to work on most of my GNU/Linux boxes' shadow password files, because most of them were in hash formats that JtR can't brute-force yet.

Lastly, the appendix, being a collection of the tools and resources, has to be the strongest feature of all. It takes almost every tool and resource sprinkled throughout the book and puts them into one easy-to-digest section, which most readers will probably end up earmarking in some way for quick reference.

Of the weaknesses, I think the book spends too much time focused on commercial software. I felt that open source pentesting tools were overshadowed by the time spent on commercial tools with bells and whistles. Not every person reading the book will have the money to afford the commercial tools, especially when they are first starting out. Some of the commercial vendors have provided stripped-down free versions of their tools, but I didn't have much luck running them. After all, I'm pretty sure my copy of BackTrack Linux isn't running Exchange Server, as one of the trial packages claimed.

Another problem I see is that the book will become outdated once again in a couple of years. While it has a strength in theory, it spends a lot of time looking at a small subset of tools without explaining how to find replacement tools as needed. A third problem is that the book covers some outdated technologies. While they're still in use, and a person needs to know how to test them, a common comment when co-workers looked at the back cover was "NetWare? Really?"

With all that being said, I do think that the book does what it set out to do: namely, starting readers on the path to ethical hacking, if they so desire. The previous editions have earned the right to have the book used as a starting point, and the third edition carries on that tradition. I think the book will see an increase in readership based on current trends of companies and governments looking to secure their systems more.

I think the types of readers who would find the book most useful are systems and network people who are interested in finding out whether their systems really are secure. IT managers looking to help protect the company's reputation and bottom line would also benefit; it'll give them an idea of what a professional penetration test should provide them. Lastly, developers would get a better idea of what their components face in the section on web apps and databases. In my experience, programmers don't think along the lines of security when writing code.

My final words on this are to read the book if you want to learn. But before you do, build some kind of a lab, so you can follow along through the book and not just read what is being said, but learn by doing. My favorite parts were when things didn't work and I had to go find out why. I would have liked to have seen more tools treated like Metasploit and Cain & Abel, with in-depth walk-throughs. But as I said earlier, if Mr. Beaver had done that, the book would have been a lot longer; this would have been at the expense of who the book was written for – people looking for introductory information on hacking.


Chris Jenks is currently the Senior Network Engineer for a publishing company specializing in educational materials. Most of his time at work is spent maintaining the Linux systems, the multi-site network, and firewalls. Chris' interest in ethical hacking started when the former Senior Engineer told him to start looking at the security logs, and suggested the CEH might be a good cert to go after (3 years later, he still needs to start that). Mostly his interest lies more on the network security and forensic sides than in penetration testing. When not at work, Chris prefers to spend his time reading, playing with his parrot, messing around with his motorcycle, trying to learn hobby electronics (must build beer-serving robot) and studying the Korean martial art Tang Soo Do.

Category: Book Reviews