book

Hacking For Dummies, 7th Edition

Name: Hacking For Dummies, 7th Edition
Author: Kevin Beaver
ISBN: 9781119872191

by Kevin Beaver

April 2022

Beginner

416 pages

10h 10m

English

For Dummies

Read now

Unlock full access

Cover
Title Page
Copyright
Introduction
About This BookFoolish AssumptionsIcons Used in This BookBeyond the BookWhere to Go from Here
Part 1: Building the Foundation for Security Testing
Chapter 1: Introduction to Vulnerability and Penetration Testing
Straightening Out the TerminologyRecognizing How Malicious Attackers Beget Ethical HackersUnderstanding the Need to Hack Your Own SystemsUnderstanding the Dangers Your Systems FaceFollowing the Security Assessment PrinciplesUsing the Vulnerability and Penetration Testing Process
Chapter 2: Cracking the Hacker Mindset
What You’re Up AgainstWho Breaks into Computer SystemsWhy They Do ItPlanning and Performing AttacksMaintaining Anonymity
Chapter 3: Developing Your Security Testing Plan
Establishing Your GoalsDetermining Which Systems to TestCreating Testing StandardsSelecting Security Assessment Tools
Chapter 4: Hacking Methodology
Setting the Stage for TestingSeeing What Others SeeScanning SystemsDetermining What’s Running on Open PortsAssessing VulnerabilitiesPenetrating the System
Part 2: Putting Security Testing in Motion
Chapter 5: Information Gathering
Gathering Public InformationMapping the Network

Chapter 6: Social Engineering
Introducing Social EngineeringStarting Your Social Engineering TestsKnowing Why Attackers Use Social EngineeringUnderstanding the ImplicationsPerforming Social Engineering AttacksSocial Engineering Countermeasures
Chapter 7: Physical Security
Identifying Basic Physical Security VulnerabilitiesPinpointing Physical Vulnerabilities in Your Office
Chapter 8: Passwords
Understanding Password VulnerabilitiesCracking PasswordsGeneral Password Cracking CountermeasuresSecuring Operating Systems
Part 3: Hacking Network Hosts
Chapter 9: Network Infrastructure Systems
Understanding Network Infrastructure VulnerabilitiesChoosing ToolsScanning, Poking, and Prodding the NetworkDetecting Common Router, Switch, and Firewall WeaknessesPutting Up General Network Defenses
Chapter 10: Wireless Networks
Understanding the Implications of Wireless Network VulnerabilitiesChoosing Your ToolsDiscovering Wireless NetworksDiscovering Wireless Network Attacks and Taking Countermeasures
Chapter 11: Mobile Devices
Sizing Up Mobile VulnerabilitiesCracking Laptop PasswordsCracking Phones and Tablets
Part 4: Hacking Operating Systems
Chapter 12: Windows
Introducing Windows VulnerabilitiesChoosing ToolsGathering Information About Your Windows VulnerabilitiesDetecting Null SessionsChecking Share PermissionsExploiting Missing PatchesRunning Authenticated Scans
Chapter 13: Linux and macOS
Understanding Linux VulnerabilitiesChoosing ToolsGathering Information About Your System VulnerabilitiesFinding Unneeded and Unsecured ServicesSecuring the .rhosts and hosts.equiv FilesAssessing the Security of NFSChecking File PermissionsFinding Buffer Overflow VulnerabilitiesChecking Physical SecurityPerforming General Security TestsPatching
Part 5: Hacking Applications
Chapter 14: Communication and Messaging Systems
Introducing Messaging System VulnerabilitiesRecognizing and Countering Email AttacksUnderstanding VoIP
Chapter 15: Web Applications and Mobile Apps
Choosing Your Web Security Testing ToolsSeeking Out Web VulnerabilitiesMinimizing Web Security RisksUncovering Mobile App Flaws
Chapter 16: Databases and Storage Systems
Diving Into DatabasesFollowing Best Practices for Minimizing Database Security RisksOpening Up About Storage SystemsFollowing Best Practices for Minimizing Storage Security Risks
Part 6: Security Testing Aftermath
Chapter 17: Reporting Your Results
Pulling the Results TogetherPrioritizing VulnerabilitiesCreating Reports
Chapter 18: Plugging Your Security Holes
Turning Your Reports into ActionPatching for PerfectionHardening Your SystemsAssessing Your Security Infrastructure
Chapter 19: Managing Security Processes
Automating the Security Assessment ProcessMonitoring Malicious UseOutsourcing Security AssessmentsInstilling a Security-Aware MindsetKeeping Up with Other Security Efforts
Part 7: The Part of Tens
Chapter 20: Ten Tips for Getting Security Buy-In
Cultivate an Ally and a SponsorDon’t Be a FUDdy-DuddyDemonstrate That the Organization Can’t Afford to Be HackedOutline the General Benefits of Security TestingShow How Security Testing Specifically Helps the OrganizationGet Involved in the BusinessEstablish Your CredibilitySpeak on Management’s LevelShow Value in Your EffortsBe Flexible and Adaptable
Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New MethodsIT Governance and Compliance Are More Than High-Level AuditsVulnerability and Penetration Testing Complements Audits and Security EvaluationsCustomers and Partners Will Ask How Secure Your Systems AreThe Law of Averages Works Against BusinessesSecurity Assessments Improve Understanding of Business ThreatsIf a Breach Occurs, You Have Something to Fall Back OnIn-Depth Testing Brings Out the Worst in Your SystemsCombined Vulnerability and Penetration Testing Is What You NeedProper Testing Can Uncover Overlooked Weaknesses
Chapter 22: Ten Deadly Mistakes
Not Getting ApprovalAssuming That You Can Find All VulnerabilitiesAssuming That You Can Eliminate All VulnerabilitiesPerforming Tests Only OnceThinking That You Know It AllRunning Your Tests Without Looking at Things from a Hacker’s ViewpointNot Testing the Right SystemsNot Using the Right ToolsPounding Production Systems at the Wrong TimeOutsourcing Testing and Not Staying Involved
Appendix: Tools and Resources
BluetoothCertificationsDatabasesDenial of Service (DoS) ProtectionExploitsFirewall Rulebase AnalyzersGeneral Research and OSINT ToolsHacker and Security Testing PublicationsInternet of ThingsKeyloggersLaws and RegulationsLinuxLive ToolkitsLog AnalysisMessagingMiscellaneousMobileNetworksPassword CrackingPatch ManagementSecurity Education and Learning ResourcesSecurity FrameworksSecurity Reports and StatisticsSocial Engineering and PhishingSource Code AnalysisStorageUser Awareness and TrainingVoice over Internet ProtocolVulnerability DatabasesWebsites and ApplicationsWindowsWireless Networks
Index
About the Author
Advertisement Page
Connect with Dummies
End User License Agreement

Content preview from Hacking For Dummies, 7th Edition

Chapter 22

Ten Deadly Mistakes

Making the wrong choices in your security testing can wreak havoc on your work and possibly even your career. In this chapter, I discuss ten potential pitfalls to be keenly aware of when performing your security assessment work.

Not Getting Approval

Getting documented approval in advance, such as an email, an internal memo, or a formal contract for your security testing efforts — whether it’s from management or your client — is a must. Outside of laws on the books that might affect your testing, it’s your “Get Out of Jail Free” card.

Allow no exceptions — especially when you’re doing work for clients. Make sure to get a signed copy of this document for your files to ensure that you’re protected.

Assuming That You Can Find All Vulnerabilities

So many security vulnerabilities exist — known and unknown — that you won’t find them all during your testing. Don’t make any guarantees that you’ll find all the security vulnerabilities in a system. You’ll be starting something that you can’t finish.

Stick to the following tenets:

Be realistic.
Use good tools.
Get to know your systems and practice honing your techniques.
Improve over time.

I cover these rules in various ways in chapters 5 through 16.

Assuming That You Can Eliminate All Vulnerabilities

When it comes to networks, computers, and applications, ironclad security isn’t attainable. You can’t ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Ethical Hacking: Techniques, Tools, and Countermeasures, 4th Edition

Publisher Resources

ISBN: 9781119872191Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business