The Pentester BluePrint
John Wiley & Sons Inc (Verlag)
978-1-119-68430-5 (ISBN)
The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.
You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.
Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing.
Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:
The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems
The development of hacking skills and a hacker mindset
Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study
Which certifications and degrees are most useful for gaining employment as a pentester
How to get experience in the pentesting field, including labs, CTFs, and bug bounties
PHILLIP L. WYLIE has over two decades of experience working in IT and information security. In addition to working as a penetration tester he has founded and runs The Pwn School Project, teaching ethical hacking. He holds the CISSP, OSCP, and GWAPT certifications. He is a highly sought-after public speaker who frequently presents at conferences about pentesting. He was interviewed for the Tribe of Hackers Red Team book. KIM CRAWLEY is dedicated to researching and writing about a plethora of cybersecurity issues. Some of the companies Kim has worked for over the years include Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue team, and purple team fascinate her. But she's especially fascinated by malware, social engineering, and advanced persistent threats. Kim's extracurricular activities include running an online cybersecurity event called DisInfoSec, and autistic self-advocacy.
Foreword xvi
Introduction xviii
1 What is a Pentester? 1
Synonymous Terms and Types of Hackers 2
Pentests Described 3
Benefits and Reasons 3
Legality and Permission 5
Pentest Methodology 5
Pre-engagement Interactions 7
Intelligence Gathering 7
Threat Modeling 7
Vulnerability Analysis 7
Exploitation 8
Post Exploitation 8
Reporting 8
Pentest Types 9
Vulnerability Scanning 10
Vulnerability Assessments 10
Pentest Targets and Specializations 11
Generalist Pentesting 11
Application Pentesting 11
Internet of Things (IoT) 12
Industrial Control Systems (ICS) 12
Hardware and Medical Devices 13
Social Engineering 13
Physical Pentesting 13
Transportation Pentesting 14
Red Team Pentesting 14
Career Outlook 14
Summary 16
2 Prerequisite Skills 17
Skills Required for Learning Pentesting 18
Operating Systems 18
Networking 19
Information Security 19
Prerequisites Learning 19
Information Security Basics 20
What is Information Security? 21
The CIA Triad 22
Security Controls 24
Access Control 26
Incident Response 28
Malware 30
Advanced Persistent Threats 34
The Cyber Kill Chain 35
Common Vulnerabilities and Exposures 36
Phishing and Other Social Engineering 37
Airgapped Machines 38
The Dark Web 39
Summary 40
3 Education of a Hacker 43
Hacking Skills 43
Hacker Mindset 44
The Pentester Blueprint Formula 45
Ethical Hacking Areas 45
Operating Systems and Applications 46
Networks 46
Social Engineering 47
Physical Security 48
Types of Pentesting 48
Black Box Testing 49
White Box Testing 49
Gray Box Testing 50
A Brief History of Pentesting 50
The Early Days of Pentesting 51
Improving the Security of Your Site by Breaking into It 51
Pentesting Today 52
Summary 53
4 Education Resources 55
Pentesting Courses 55
Pentesting Books 56
Pentesting Labs 60
Web Resources 60
Summary 64
5 Building a Pentesting Lab 65
Pentesting Lab Options 65
Minimalist Lab 66
Dedicated Lab 66
Advanced Lab 67
Hacking Systems 67
Popular Pentesting Tools 68
Kali Linux 68
Nmap 69
Wireshark 69
Vulnerability Scanning Applications 69
Hak5 70
Hacking Targets 70
PentestBox 70
VulnHub 71
Proving Grounds 71
How Pentesters Build Their Labs 71
Summary 81
6 Certifications and Degrees 83
Pentesting Certifications 83
Entry-Level Certifications 84
Intermediate-Level Certifications 85
Advanced-Level Certifications 87
Specialization Web Application Pentesting Certifications 88
Wireless Pentesting Certifications 90
Mobile Pentesting Certifications 91
Pentesting Training and Coursework 91
Acquiring Pentesting Credentials 92
Certification Study Resources 99
CEH v10 Certified Ethical Hacker Study Guide 100
EC-Council 100
Quizlet CEH v10 Study Flashcards 100
Hacking Wireless Networks for Dummies 100
CompTIA PenTest+ Study Guide 101
CompTIA PenTest+ Website 101
Cybrary’s Advanced Penetration Testing 101
Linux Server Security: Hack and Defend 101
Advanced Penetration Testing: Hacking the World’s Most Secure Networks 102
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 102
Summary 102
7 Developing a Plan 105
Skills Inventory 105
Skill Gaps 111
Action Plan 112
Summary 113
8 Gaining Experience 115
Capture the Flag 115
Bug Bounties 123
A Brief History of Bug Bounty Programs 124
Pro Bono and Volunteer Work 125
Internships 126
Labs 126
Pentesters on Experience 126
Summary 135
9 Getting Employed as a Pentester 137
Job Descriptions 137
Professional Networking 138
Social Media 139
Résumé and Interview Tips 139
Summary 148
Appendix: The Pentester Blueprint 149
Glossary 155
Index 167
Erscheinungsdatum | 29.01.2021 |
---|---|
Verlagsort | New York |
Sprache | englisch |
Maße | 147 x 224 mm |
Gewicht | 227 g |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
ISBN-10 | 1-119-68430-7 / 1119684307 |
ISBN-13 | 978-1-119-68430-5 / 9781119684305 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich