[Article]-Book Review: Professional Penetration Testing

<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Sep 25, 2009 3:11 pm

[Article]-Book Review: Professional Penetration Testing

Here's another grand experiment. Ask a member who is actively involved in a discussion on a new book to continue that debate with a review of the book itself. IMHO, it turned out quite well. We may just have to try it again. Thanks Andrew.

Permanent link: [Article]-Book Review: Professional Penetration Testing


EH-Net Exclusive - Free Download of Chapter 4: Setting Up Your Lab 

Review by Andrew Waite, EH-Net Member, InfoSanity.co.uk

When I first heard about Thomas Wilhelm's new book in my Twitter feed, the title immediately caught my attention, 'Professional Penetration Testing: Creating and Operating a Formal Hacking Lab.' As I'm currently trying to build up my own training and testing environment, this tome promised to provide answers to all my questions. A quick Google search to learn more and a useful discussion right here in the EH-Net Forums left me surprised that the release of the book had managed to slip underneath my radar. So when offered a chance to get my hands on the material and provide a review for those that had similarly managed to miss the release, I jumped at the chance.

The unique selling point of this resource over potential alternatives is best highlighted by the author's own foreword, “This book is a divergence from most books as it discusses professional penetration testing from conception to completion. Rather than focusing solely on information system vulnerability identification and exploitation, by the end of this book we will have examined all aspects of a professional penetration test, including project management, organizational structures, team building, career development, metrics, reporting, test-data archival methods, risk management, and training...in addition to... information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, maintaining access, and covering our tracks.”

OK... now I'm totally hooked. Let's see if Mr. Wilhelm can reel me in.



Let us know what you think of the review and also your thoughts on the book itself.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Sep 25, 2009 5:49 pm

Re: [Article]-Book Review: Professional Penetration Testing

BTW - Thomas Wilhelm will be on PaulDotCom tonight:

http://www.pauldotcom.com/wiki/index.php/Episode169

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Sep 25, 2009 11:30 pm

Re: [Article]-Book Review: Professional Penetration Testing

Very nice!  I may have to pick up a copy of the book, although I am very behind in my reading.
~~~~~~~~~~~~~~
Ketchup
<<

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Sat Sep 26, 2009 5:57 am

Re: [Article]-Book Review: Professional Penetration Testing

Great review Andrew. Will have to add this one to my 'to buy' list.  :)
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat Sep 26, 2009 7:46 am

Re: [Article]-Book Review: Professional Penetration Testing

Hope you all like the review.

This is my first book review, feedback (good & bad) would be appreciated.
<<

rvs

Jr. Member

Posts: 94

Joined: Wed Jan 28, 2009 9:40 pm

Post Sat Sep 26, 2009 7:06 pm

Re: [Article]-Book Review: Professional Penetration Testing

guys, where is chapter 4 free download ??? :p
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Sep 26, 2009 7:55 pm

Re: [Article]-Book Review: Professional Penetration Testing

Click on the permanent link to the review article, and you can't miss it.  :o

Our little way of getting people to at least look at the review. Small price to pay for the free chapter.  ;)

Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Sep 27, 2009 2:38 pm

Re: [Article]-Book Review: Professional Penetration Testing

Thanks for the review. Will probably order a copy of it as well.
<<

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Sep 28, 2009 4:02 am

Re: [Article]-Book Review: Professional Penetration Testing

Andrew nice review and thanks for taking the time.
I guess what I am wondering, and not sure if it's clear from the review, is the following: A lot of the content you mention is available on the intertubes, opensource goodness. Granted the book pulls it together, but is it worth it for the security professional? I am kinda thinking not?

I guess as you hint to, this book is for someone new coming to the field.

Good review, not sure if I will be buying (perhaps I can borrow your copy, lol)
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Mon Sep 28, 2009 4:42 am

Re: [Article]-Book Review: Professional Penetration Testing

Good question, and one I was hoping wouldn't be asked.

I think the book could easily become the de-facto standard for those entering the field and wanting to get their hands dirty. Not only does it do a good job of explaining the basics, the courseware videos help drive the topics home and the focus of a hands-on approach with exercises in a virtual lab will help anyone get hands-on experience with the tools.

But as you state, most of the tools and resources are freely available, with some good levels of documentation and tutorials available. On a technical side you may be able to cover all the material without additional expense, but if you learn like me you'll be able to pick the material up quicker and with more focus with a good resource to help guide you. You need to weigh up the cost of the book against the value of the additional time you may need to go it alone.

The project management and professional aspect (IMHO) is what really helps the book stand out from the crowd. Depending on what you want out of the material, the book could be useful to professionals at any stage, providing you have a good understanding of what the book is and isn't. False (self-perpetuated) expectations are what led to my initial disappointment; hopefully the review will help avoid others having the same experience.

Bottom line though, I think the book is a good addition to my bookcase.
<<

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Oct 12, 2009 10:48 am

Re: [Article]-Book Review: Professional Penetration Testing

Cool to see this getting some attention. Thom is in my local ISSA chapter :)
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Wed Oct 14, 2009 10:36 pm

Re: [Article]-Book Review: Professional Penetration Testing

don wrote: BTW - Thomas Wilhelm will be on PaulDotCom tonight:

http://www.pauldotcom.com/wiki/index.php/Episode169

Don


The book didn't sound that interesting but the interview on PaulDotCom really piqued my interest. I've got it on my to-buy list.

Don, can you provide a link to Amazon or wherever that will give affiliate credit to EH.net?
twitter.com/timmedin | http://blog.securitywhole.com
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Oct 15, 2009 10:06 am

Re: [Article]-Book Review: Professional Penetration Testing

Sure thing. Use THIS LINK.

BTW - All book reviews have that picture of the book with the price, author, etc. It is linked to my affiliate account, so click away. And thanks for asking. Every little bit helps. Now if we could just get everyone to also use the other links for things like SANS training & CBT Nuggets.  ;)

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Thu Oct 22, 2009 6:01 pm

Re: [Article]-Book Review: Professional Penetration Testing

dalepearson wrote: Andrew nice review and thanks for taking the time.
I guess what I am wondering, and not sure if it's clear from the review, is the following: A lot of the content you mention is available on the intertubes, opensource goodness. Granted the book pulls it together, but is it worth it for the security professional? I am kinda thinking not?

I guess as you hint to, this book is for someone new coming to the field.

Good review, not sure if I will be buying (perhaps I can borrow your copy, lol)

What training program out there doesn't include lots of open source tools, etc. that you find easily on the net? It's really about how the material is presented and made accessible to those new to the subject. Good job on the review and thanks for the effort.
<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Oct 22, 2009 10:12 pm

Re: [Article]-Book Review: Professional Penetration Testing

It's a good book; it helps you to see penetration testing from the business perspective, like the project manager, and from the penetration tester's. I like one part where it talks about how the engineer concentrates too much on one part and forgets that he has limited time to complete the job, jajajaja. Remember, most of the time they charge by time.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/