Penetration testing : protecting networks and systems /
Henry, Kevin M.,
Penetration testing : protecting networks and systems / Kevin M. Henry. - Ely, Cambridgeshire, U.K. : IT Governance Pub., 2012. - 1 online resource
Includes bibliographical references.
Introduction; Chapter 1: Introduction to Penetration Testing; Case study; Security basics; Risk management; The threat environment; Overview of the steps to penetration testing; Penetration testing versus hacking; Benefits of penetration testing; Summary; Key learning points; Questions; Chapter 2: Preparing to Conduct a Penetration Test; Approval and scope; Planning; Summary; Questions; Chapter 3: Reconnaissance; The start of the test; Physical information gathering; Other data sources; Avoiding footprinting; Key learning points; Questions; Chapter 4: Active Reconnaissance and Enumeration. Port scanningCountermeasures to active reconnaissance; Key learning points; Questions; Chapter 5: Vulnerability Assessments; The attack vectors; References and sources of vulnerabilities; Using vulnerability assessment tools; PCI DSS requirements; Malicious code; Reporting on the vulnerability assessment; Key learning points; Questions; Chapter 6: Hacking Windows® and Unix; Having fun; Common hacking initiatives; Defeating data theft; Protecting against unauthorized access; Access controls; Actions of the attacker; Focus on UNIX/Linux; Advanced attacks; Source code review. Case study: Attack on a Chinese bankKey learning points; Questions; Chapter 7: Launching the Attack; Steps to an exploit; Attacking wireless networks; Pen testing wireless; Network sniffing; Firewalls; Intrusion detection and prevention systems (IDS/IPS); Key learning points; Questions; Chapter 8: Attacking Web Applications; The steps in attacking a web application; Questions; Chapter 9: Preparing the Report; Determining risk levels; Risk response; Report confidentiality; Delivering the report; Key learning points; Questions; Appendix 1: Linux; Appendix 2: Encryption; Concepts of cryptography. Appendix 3: Regulations and LegislationExamples of regulations and legislation; Protection of intellectual property; Appendix 4: Incident Management; Concepts of incident management; Additional Questions and Answers; Answers; References; ITG Resources.
This book is a preparation guide for the CPTE examination, yet is also a general reference for experienced penetration testers, ethical hackers, auditors, security personnel and anyone else involved in the security of an organization's computer systems.
9781849283724 (electronic bk.) 1849283729 (electronic bk.) 9781849283731 1849283737
CL0500000268 Safari Books Online 22573/ctt4k5k9s JSTOR
Penetration testing (Computer security)
Computer networks--Security measures.
Computer security--Evaluation.
Tests d'intrusion.
Réseaux d'ordinateurs--Sécurité--Mesures.
Sécurité informatique--Évaluation.
COMPUTERS--Internet--Security.
COMPUTERS--Networking--Security.
COMPUTERS--Security--General.
Computer networks--Security measures.
Computer security--Evaluation.
Penetration testing (Computer security)
Electronic books.
Electronic books.
TK5105.59 / .H46 2012eb
005.8
Penetration testing : protecting networks and systems / Kevin M. Henry. - Ely, Cambridgeshire, U.K. : IT Governance Pub., 2012. - 1 online resource
Includes bibliographical references.
Introduction; Chapter 1: Introduction to Penetration Testing; Case study; Security basics; Risk management; The threat environment; Overview of the steps to penetration testing; Penetration testing versus hacking; Benefits of penetration testing; Summary; Key learning points; Questions; Chapter 2: Preparing to Conduct a Penetration Test; Approval and scope; Planning; Summary; Questions; Chapter 3: Reconnaissance; The start of the test; Physical information gathering; Other data sources; Avoiding footprinting; Key learning points; Questions; Chapter 4: Active Reconnaissance and Enumeration. Port scanningCountermeasures to active reconnaissance; Key learning points; Questions; Chapter 5: Vulnerability Assessments; The attack vectors; References and sources of vulnerabilities; Using vulnerability assessment tools; PCI DSS requirements; Malicious code; Reporting on the vulnerability assessment; Key learning points; Questions; Chapter 6: Hacking Windows® and Unix; Having fun; Common hacking initiatives; Defeating data theft; Protecting against unauthorized access; Access controls; Actions of the attacker; Focus on UNIX/Linux; Advanced attacks; Source code review. Case study: Attack on a Chinese bankKey learning points; Questions; Chapter 7: Launching the Attack; Steps to an exploit; Attacking wireless networks; Pen testing wireless; Network sniffing; Firewalls; Intrusion detection and prevention systems (IDS/IPS); Key learning points; Questions; Chapter 8: Attacking Web Applications; The steps in attacking a web application; Questions; Chapter 9: Preparing the Report; Determining risk levels; Risk response; Report confidentiality; Delivering the report; Key learning points; Questions; Appendix 1: Linux; Appendix 2: Encryption; Concepts of cryptography. Appendix 3: Regulations and LegislationExamples of regulations and legislation; Protection of intellectual property; Appendix 4: Incident Management; Concepts of incident management; Additional Questions and Answers; Answers; References; ITG Resources.
This book is a preparation guide for the CPTE examination, yet is also a general reference for experienced penetration testers, ethical hackers, auditors, security personnel and anyone else involved in the security of an organization's computer systems.
9781849283724 (electronic bk.) 1849283729 (electronic bk.) 9781849283731 1849283737
CL0500000268 Safari Books Online 22573/ctt4k5k9s JSTOR
Penetration testing (Computer security)
Computer networks--Security measures.
Computer security--Evaluation.
Tests d'intrusion.
Réseaux d'ordinateurs--Sécurité--Mesures.
Sécurité informatique--Évaluation.
COMPUTERS--Internet--Security.
COMPUTERS--Networking--Security.
COMPUTERS--Security--General.
Computer networks--Security measures.
Computer security--Evaluation.
Penetration testing (Computer security)
Electronic books.
Electronic books.
TK5105.59 / .H46 2012eb
005.8