What is Penetration Testing?
The Basics of Hacking and Penetration Testing serves as an introduction to the steps
required to complete a penetration test or perform an ethical hack. You learn how to properly
utilize and interpret the results of modern day hacking tools; which are required to complete
a penetration test. Tool coverage will include, Backtrack Linux, Google, Whois, Nmap, Nessus,
Metasploit, Netcat, Netbus, and more.
A simple and clean explanation of how to utilize these tools will allow you to gain a
solid understanding of each of the four phases and prepare them to take on more in-depth texts
and topics. This book includes the use of a single example (pen test target) all the way
through the book which allows you to clearly see how the tools and phases relate.
o Each chapter contains hands-on examples and exercises that are designed to teach you
how to interpret the results and utilize those results in later phases.
o Writen by an author who works in the field as a Penetration Tester and who teaches
Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at
Dakota State University.
o Utilizes the Backtrack Linus distribution and focuses on the seminal tools required to
complete a penetration test.
Reader Ken R. Pence of Nashville, TN says,"This is an excellent starter book for white-hat
hackers. It is a good "how-to" intro into using Backtrack linux and the freeware and open source
tools for penetration testing that come with it. Discusses how to set up your own sandbox for
practice and how to avoid a lot of legal entanglements. This should be required reading for
anyone getting into penetration testing - it does not show you how to avoid detection (except
peripherally). Buy it."
Penetration testing can be defined as a legal and authorized attempt to locate and successfully
exploit computer systems for the purpose of making those systems more secure. The process includes
probing for vulnerabilities as well as providing proof of concept (POC) attacks to demonstrate
the vulnerabilities are real. Proper penetration testing always ends with specific recommendations
for addressing and fixing the issues that were discovered during the test. On the whole, this
process is used to help secure computers and networks against future attackers.
Penetration testing is also known as:
o Pen Testing
o Ethical Hacking
o White Hat Hacking
It is important to spend a few moments discussing the difference between penetration
testing and vulnerability assessment. Many people (and vendors) in the security community
incorrectly use these terms interchangeably. A vulnerability assessment is the process of
reviewing services and systems for potential security issues, whereas a penetration
test performs exploitation and POC attacks to prove that a security issue exists. Penetration
tests go a step beyond vulnerability assessments by simulating hacker activity and delivering
live payloads. In this book, we will cover the process of vulnerability assessment as one of
the steps utilized to complete a penetration test.