Penetration Testing For Dummies

Book description

Target, test, analyze, and report on security vulnerabilities with pen testing

Pen Testing is necessary for companies looking to target, test, analyze, and patch the security vulnerabilities from hackers attempting to break into and compromise their organizations data. It takes a person with hacking skills to look for the weaknesses that make an organization susceptible to hacking. 

Pen Testing For Dummies aims to equip IT enthusiasts at various levels with the basic knowledge of pen testing. It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.

  • The different phases of a pen test from pre-engagement to completion
  • Threat modeling and understanding risk
  • When to apply vulnerability management vs penetration testing
  • Ways to keep your pen testing skills sharp, relevant, and at the top of the game


Get ready to gather intelligence, discover the steps for mapping out tests, and analyze and report results!

Table of contents

  1. Cover
  2. Introduction
    1. About This Book
    2. Foolish Assumptions
    3. Icons Used in This Book
    4. What You’re Not to Read
    5. Where to Go from Here
  3. Part 1: Getting Started with Pen Testing
    1. Chapter 1: Understanding the Role Pen Testers Play in Security
      1. Looking at Pen Testing Roles
      2. Getting Certified
      3. Gaining the Basic Skills to Pen Test
      4. Introducing Cybercrime
      5. What You Need to Get Started
      6. Deciding How and When to Pen Test
      7. Taking Your First Steps
    2. Chapter 2: An Overview Look at Pen Testing
      1. The Goals of Pen Testing
      2. Scanning Maintenance
      3. Hacker Agenda
      4. Doing Active Reconnaissance: How Hackers Gather Intelligence
    3. Chapter 3: Gathering Your Tools
      1. Considerations for Your Toolkit
      2. Nessus
      3. Wireshark
      4. Kali Linux
      5. Nmap
  4. Part 2: Understanding the Different Types of Pen Testing
    1. Chapter 4: Penetrate and Exploit
      1. Understanding Vectors and the Art of Hacking
      2. Examining Types of Penetration Attacks
      3. Cryptology and Encryption
      4. Using Metasploit Framework and Pro
    2. Chapter 5: Assumption (Man in the Middle)
      1. Toolkit Fundamentals
      2. Listening In to Collect Data
    3. Chapter 6: Overwhelm and Disrupt (DoS/DDoS)
      1. Toolkit Fundamentals
      2. Understanding Denial of Service (DoS) Attacks
      3. Buffer Overflow Attacks
      4. Fragmentation Attacks
      5. Smurf Attacks
      6. Tiny Packet Attacks
      7. Xmas Tree Attacks
    4. Chapter 7: Destroy (Malware)
      1. Toolkit Fundamentals
      2. Malware
      3. Ransomware
      4. Other Types of Destroy Attacks
    5. Chapter 8: Subvert (Controls Bypass)
      1. Toolkit Fundamentals
      2. Attack Vectors
      3. Phishing
      4. Spoofing
      5. Malware
  5. Part 3: Diving In: Preparations and Testing
    1. Chapter 9: Preparing for the Pen Test
      1. Handling the Preliminary Logistics
      2. Gathering Requirements
      3. Coming Up with a Plan
      4. Having a Backout Plan
    2. Chapter 10: Conducting a Penetration Test
      1. Attack!
      2. Looking at the Pen Test from Inside
      3. Documenting Your Every Move
      4. Other Capture Methods and Vectors
      5. Assessment
      6. Prevention
  6. Part 4: Creating a Pen Test Report
    1. Chapter 11: Reporting
      1. Structuring the Pen Test Report
      2. Creating a Professional and Accurate Report
      3. Delivering the Report: Report Out Fundamentals
      4. Updating the Risk Register
    2. Chapter 12: Making Recommendations
      1. Understanding Why Recommendations Are Necessary
      2. Seeing How Assessments Fit into Recommendations
      3. Networks
      4. Systems
      5. General Security Recommendations: All Systems
      6. More Recommendations
    3. Chapter 13: Retesting
      1. Looking at the Benefits of Retesting
      2. Understanding the Reiterative Nature of Pen Testing and Retesting
      3. Determining When to Retest
      4. Choosing What to Retest
      5. Running a Pen Retest
  7. Part 5: The Part of Tens
    1. Chapter 14: Top Ten Myths About Pen Testing
      1. All Forms of Ethical Hacking Are the Same
      2. We Can’t Afford a Pen Tester
      3. We Can’t Trust a Pen Tester
      4. We Don’t Trust the Tools
      5. Pen Tests Are Not Done Often
      6. Pen Tests Are Only for Technical Systems
      7. Contractors Can’t Make Great Pen Testers
      8. Pen Test Tool Kits Must Be Standardized
      9. Pen Testing Itself Is a Myth and Unneeded
      10. Pen Testers Know Enough and Don’t Need to Continue to Learn
    2. Chapter 15: Ten Tips to Refine Your Pen Testing Skills
      1. Continue Your Education
      2. Build Your Toolkit
      3. Think outside the Box
      4. Think Like a Hacker
      5. Get Involved
      6. Use a Lab
      7. Stay Informed
      8. Stay Ahead of New Technologies
      9. Build Your Reputation
      10. Learn about Physical Security
    3. Chapter 16: Ten Sites to Learn More About Pen Testing
      1. SANS Institute
      2. GIAC Certifications
      3. Software Engineering Institute
      4. (Assorted) Legal Penetration Sites
      5. Open Web Application Security Project
      6. Tenable
      7. Nmap
      8. Wireshark
      9. Dark Reading
      10. Offensive Security
  8. Index
  9. About the Author
  10. Advertisement Page
  11. Connect with Dummies
  12. End User License Agreement

Product information

  • Title: Penetration Testing For Dummies
  • Author(s): Robert Shimonski
  • Release date: May 2020
  • Publisher(s): For Dummies
  • ISBN: 9781119577485