hacking, web application security

Review: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy


Note: I have not finished the entire book, I have one more chapter to go (last chapter), so I will probably have to modify this post.

I found this book to be very informative. I learned a lot of information, about penetration testing and hacking that I did not know before. This book gives a very high level overview of penetration testing, and leaves a section at each chapter that tells readers where to go if they want to research a topic further.

While I liked the book, I felt that it was incomplete. The author did a good job of explaning the concepts, but I felt that there should be a more practical lab that goes along with the teachings. In the book, the authors uses a basic lab set-up from Backtrack (I will discuss this further in another post), and have users follow along with very short examples. I also was bogged down with the different tools that the author used. It seemed that some tools could have been left out.

How the book is laid out:

Chapter 1: What is Penetration Testing? This chapter talks about what is penetration testing, the difference between a black and white hacker, the four phases of penetration testing* (Reconnaissance, Scanning port and vulnerability, Exploitation, and Maintaining Access), and how to set up a hacking lab using Backtrack and a virtual machine.

Chapter 2: Reconnaissance, this is by far the meat and potatoes of the entire book. The author goes into great detail in this chapter, since this is the most important. Reconnaissance is the information gathering of your target. This chapter gives different tools that can be used to gather information. I will list some of the tools that I found interesting

Google directives: Google directives lets you drastically narrow your search of your target. I found this tool to be rather cool because it gives you for the most part pertinent information on your target.