Penetration Testing For Dummies. Robert Shimonski
security pros know about them (and can fix or monitor them) before the hackers do.
For this book, I use a Windows workstation and, where I must, Linux tools run from a virtual machine. I have chosen this setup because it is where many beginners are likely to start their pen testing journey. You can use any current supported version of Windows (Windows 7 and above) on a device that has a network connection (wired and wireless).
A highly experienced pen tester will likely use a native Linux system like Ubuntu (as an example), but you do not need to use it now.
If you are using Linux or Apple, you can follow the same steps throughout the book with a few modifications here and there.
Foolish Assumptions
As I was writing this book, I assumed you work in IT and want to transition to security. It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
You might have an entry-level or junior position, or you might be a manager or director, with more experience but coming from a different area of expertise. Either way, you want to know more about how pen testing fits into the big picture. As such, you’ll find that I explain even simple concepts to clarify things in the context of penetration testing and overall security.
Icons Used in This Book
Throughout the book, I use various icons to draw your attention to specific information. Here’s a list of those icons and what they mean.
This icon highlights pointers where I provide an easier way of doing something or info that can save you time. This icon points to content you definitely don’t want to miss, so be sure to read whatever’s next to it.
When you see this icon, you know it’s next to information to keep in mind — or something I’ve discussed elsewhere, and I’m reminding you of it. It’s often advice to help keep you out of trouble.
Pay close attention to this icon, which I use to point out pitfalls to avoid or where doing something (or not doing something) could land you in legal trouble (like pen testing something you don’t have permission to test).
Sometimes I provide particularly sticky details about an issue, which can get technical and which may not be of interest (or help). You could ignore any text marked with this icon, and you won’t miss it a whit.
What You’re Not to Read
This book is written so you aren’t required to read it beginning to end. If you’re familiar with the basics of penetration testing, for example, you can probably skip the first part. You can skip Part 2 if you feel you have a pretty good handle on attack types and various pen testing tools. Technical Stuff icons are truly technical pieces of information that I file under “nice to know” — skip those, as well, if you’re looking for need-to-know content only.
Where to Go from Here
If you’re truly new to the world of penetration testing, I recommend you begin with Chapter 1 and read from there. Readers with a grasp on pen testing fundamentals — what it is, the role of the pen tester, types of hackers, types of attacks, and so on — but who want to hone their testing and/or reporting skills, for example, can go straight to Parts 3 and 4, respectively.
Looking for information about a particular tool or attack? Use the Table of Contents or Index to find where I cover that thing and go straight to that discussion. More advanced readers might want to read only those sections that cover any area they need to bone up on.
Of course, I recommend Chapters 15 and 16 for everyone because continual learning is so important to becoming and remaining an excellent pen tester.
You can also find more pen testing topics on the book’s cheat sheet, such as pen testing terminology and specific certifications you’ll find useful in your career. Go to dummies.com and search for “Pen Testing For Dummies cheat sheet” to find it.
The more you study, read, and work in the field, the more you’ll learn as your journey continues. It can be something you eventually have a really good understanding of … but by that time, the technology will have changed many times! As a journey of lifelong learning and study that can be very rewarding and exciting as you progress, becoming a pen tester is a true commitment.
Part 1
Getting Started with Pen Testing
IN THIS PART …
Dive into the world of pen testing by exploring the skills and certifications necessary to get started.
Learn what kind of hackers there are, what goals you’ll have as a pen tester, and the basics of scan maintenance.
Build your pen testing toolkit.
Chapter 1
Understanding the Role Pen Testers Play in Security
IN THIS CHAPTER
Exploring pen testing positions
Discovering what tests and certs you need for pen testing
Understanding what skills are necessary for pen testing
Considering cybercrime
Doing your first pen test
Penetration (or pen, for short) testing is one of the hottest up-and-coming skills any IT professional needs to have. As more and more technology takes over our world, the need to ensure it’s safe and secure is at the forefront. Companies are actively looking for professionals with a background in IT security and the ability to do penetration testing.
As a pen tester, you need a solid understanding of how an attacker can access your systems and how they can conduct attacks. Not to fear, I walk you through these attacks and the mind of the hacker. You have to truly think like a hacker to be a good pen tester, which is why pen testers are called white