Gandhiprima.info|Astaga.com lifestyle on the net | Best Ebook Hacking | Best Blogging Tips | Making Money Online | Best Affiliates | Internet Marketing

I have been a system administrator for several companies and needed a good way to mirror the networks that I am using to find the security holes in them. The virtualization that is explained and the methodology is wonderful for this. As the author explains, a lot of times you don’t or can’t test things out on a “live” network, this is one of the better ways to find out where many of the flaws are and correct them. The CD that comes with the book is more than worth the price of the book. It has many of the scenarios and exercises that will help you to understand more about pen testing.
Rating: 5 / 5

I’m a Systems Administrator that has been in the business for a little over 10 years. I’ve been looking for a change of pace and realized that I am married to IT. So I decided to research the Information Systems Security field a bit more. One of the things I wanted to learn more about was how hackers make there way into a network. Found this book on the Ethical Hacker website and the author was nice enough to allow them to host a chapter of the book. I’m about half way through the book and finding it an enjoyable read. The author spends more time focusing on the project cycle of a penetration test rather than how to use the tools. This is great because learning to use the tools can be done with a few google searches. I would highly recommend this book for seasoned IT pros that are thinking about getting into the ISS field.
Rating: 5 / 5

I had fairly high hopes for Professional Penetration Testing (PPT). The book looks very well organized, and it is published in the new Syngress style that is a big improvement over previous years. Unfortunately, PPT should be called “Professional Pen Testing Project Management.” The vast majority of this book is about non-technical aspects of pen testing, with the remainder being the briefest overview of a few tools and techniques. You might find this book useful if you either 1) know nothing about the field or 2) are a pen testing project manager who wants to better understand how to manage projects. Those looking for technical content would clearly enjoy a book like Professional Pen Testing for Web Applications by Andres Andreu, even though that book is 3 years older and focused on Web apps.

PPT offers 18 chapters, with 12 chapters on project management and non-technical issues, and 6 ostensibly covering technical issues. The technical material is limited to the basics of conducting reconnaissance, running Nmap, Nessus, CORE IMPACT, Ettercap, Aircrack-ng, Netcat for “maintaining access,” SSH for an “encrypted tunnel,” and trivial file and script changes to “cover tracks.” Seriously. I’m sure some review readers are saying “sometimes it’s just that easy.” That’s true, but we don’t need a 528 page book with an outrageous price tag to read about these well-known methods. If your experience with pen testing is limited to this book, take a look at Andres Andreu’s title to see the sort of material you should expect in a book on pen testing.

I didn’t find the project management parts all that helpful, either. Some of it just repeats material published in various guides like the Open Source Security Testing Methodology Manual. Other sections repeat certification descriptions found on vendor Web sites. It is clear the author really cares about project management, so maybe he should have just written a book on project management for security managers?

I gave the book three stars because I didn’t find the book to be technically or managerially incorrect. (If that had been the case, I would have rated it two stars.) If you want much better coverage on technical matters not found in Andreu’s book, try the core Hacking Exposed titles. They address the same topics that PPT barely introduces.
Rating: 3 / 5