Backtrack 4: Assuring Security by Penetration Testing [Paperback]

Shakeel Ali, Heriyanto Tedi
4.5 out of 5 stars  See all reviews (4 customer reviews)
Price: CDN$ 54.59 & FREE Shipping. Details
Usually ships within 2 to 5 weeks.
Ships from and sold by Amazon.ca. Gift-wrap available.

Formats

Amazon Price New from Used from
Kindle Edition CDN $16.49  
Paperback CDN $54.59  


Book Description

March 1 2011 Community Experience Distilled

Master the art of penetration testing with BackTrack

  • Learn the black art of penetration testing with in-depth coverage of the BackTrack Linux distribution
  • Explore the insights and importance of testing your corporate network systems before hackers strike
  • Understand the practical spectrum of security tools by their exemplary usage, configuration, and benefits
  • Fully illustrated with practical examples, step-by-step instructions, and useful tips to cover the best-of-breed security assessment tools

In Detail

BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.

BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.

The authors' experience and expertise enable them to reveal the industry's best approach for logical and systematic penetration testing.

The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration setup, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack-specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.

This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.

A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep.

What you will learn from this book

  • Initiate the BackTrack OS environment in your test lab by installing, configuring, running, and updating its core system components
  • Draw a formal BackTrack testing methodology
  • Scope your target with definitive test requirements, limitations, and business objectives, and schedule the test plan
  • Gain practical experience with a number of security tools from BackTrack logically divided into sub-categories of testing methodology
  • Practice the process of reconnaissance, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, and maintaining access to your target for evaluation purposes
  • Document, report, and present your verified test results to the relevant authorities in a formal reporting structure
  • Assess the various technologies comprising your target information system's environment, such as web applications, network administration servers, workstations, Cisco devices, firewalls, load balancers, routers, switches, intrusion detection and prevention devices, and many more
  • Examine and research the vulnerability in greater detail before attempting to exploit it by taking control of the target, thus reducing any false positives
  • Exploit human vulnerability by wrapping yourself with the art of deception to acquire the target

Approach

Written as an interactive tutorial, this book covers the core of BackTrack with real-world examples and step-by-step instructions to provide professional guidelines and recommendations to you. The book is designed in a simple and intuitive manner, which allows you to explore the whole BackTrack testing process or study parts of it individually.

Who this book is written for

If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you.


Customer Reviews

Most helpful customer reviews
1 of 1 people found the following review helpful
Format:Paperback
This book is not just about learning a bunch of command line tools for p0wning a few poorly-maintained systems. In this book, the authors do a good job exposing the reader to the many facets of pen testing, and present the readers with the opportunity to try a few new things along the way, including virtualization, Linux, and BackTrack itself.

The authors introduce the idea that pen testing is not about randomly using a collection of tools to plink around a network. Instead, a structured, procedural methodology should be used to achieve timely, thorough, and reportable results. The authors also provide a detailed description of a security testing methodology to be used with BackTrack itself.

Each step in this methodology represents an element in the penetration testing life cycle management performed for each customer. The authors describe how this organized progression allows pen testers to determine their course of action, plan for needed resources, and not waste time and resources by duplicating effort. My only complaint is that this section is too small, and deserves expanding using actual case studies.

A considerable number of pen testing tools for each step in the methodology are covered with examples and instruction. Popular tools covered include Metasploit (Meterpreter), Maltego, NMap, NetXpose, and Nessus. Tools for exploiting (uh, testing) Web servers, databases, applications, and even Cisco devices are also covered.

I was very happy to see a chapter on Social Engineering. Experienced pen testers often remark that the most penetrable area of any system is the people who use and control it.
1 of 1 people found the following review helpful
4.0 out of 5 stars Methodical, lists many tools of the trade May 11 2011
Format:Paperback
I suppose these tools are going to be in the public domain anyway, so we might as well educate white hats as well as the black hats that may know them already. This book is a complete guide to penetration testing, aimed at potential security consultants. (That's the good part.) The bad part is that this book in the wrong hands can wreak all kinds of havoc-- it makes hacking way too easy. The authors do a good job of providing the right level of detail in all sorts of IT disciplines (networking, protocols, remote access, etc.), not spending too much time because there's just too many tools to introduce.

Frightening, yet useful in the right hands. If you are a security testing professional, you really need a copy of this book.
1 of 1 people found the following review helpful
4.0 out of 5 stars you can try an incremental approach April 27 2011
Format:Paperback
The authors tackle a persistent danger to many websites and networks that hang off the Internet, where often the complexity of the operating systems and applications and the interactions between these can open doors to attackers. So the basic idea of penetration testing is to preemptively probe ('attack') your system. Find the weaknesses first, before others do so.

In part, the text offers a good overview of the field, separate from the usages of BackTrack. So you get a summary of several common security testing methodologies. Including the Open Source Security Testing Methodology Manual. If you have a background in science experiments, you'll see clear parallels in how this OSSTMM approach investigates an unknown system.

As far as BackTrack is concerned, its capabilities are explored in depth through most of the text. It does seem to have covered all the bases. Like checking/scanning for open TCP and UDP ports on target machines. Or looking for live machines on a network. One thing that becomes clear is that you can treat BackTrack as a repertoire of free tools. And you can pick just a subset of these tools to initially use against your network, if you have specific needs or suspicions.

To be sure, the recommended usage is a top down one, where you treat BackTrack as an integrated whole and you systematically first plan out your entire testing. No argument from me. You should do this, if you decide to use BackTrack in the first place. But a pragmatic incremental approach might still have some merit. Where you can just choose a tool and look up its usage in the text and run it. Easy to get some experience and confidence.
Format:Paperback
It is one of the best penetration testing guides that helps you to understand and plan the security assessments in accordance with the BackTrack testing process. It also provides powerful and practical insights of various security standards such as OWASP, OSSTMM, WASC-TC, and ISSAF. The book also allows an open alignment for test execution with any of the chosen methodological approaches. This brings "BackTrack 4: Assuring Security By Penetration Testing" to be the best manual written so far. The chapters gradually cover each and every single piece of information that is a must to know for professional penetration testers. I would highly recommend this book to industry professionals working either as a security consultant, architect or analyst. The book itself is an open call for BlackHat, GrayHat and WhiteHat pros to learn an extra mile.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.6 out of 5 stars  58 reviews
64 of 67 people found the following review helpful
5.0 out of 5 stars For people who want to know what it's like to be a pen tester June 18 2011
By JAMES D MURRAY - Published on Amazon.com
Format:Paperback
This book is not just about learning a bunch of command line tools for p0wning a few poorly-maintained systems. In this book, the authors do a good job exposing the reader to the many facets of pen testing, and present the readers with the opportunity to try a few new things along the way, including virtualization, Linux, and BackTrack itself.

The authors introduce the idea that pen testing is not about randomly using a collection of tools to plink around a network. Instead, a structured, procedural methodology should be used to achieve timely, thorough, and reportable results. The authors also provide a detailed description of a security testing methodology to be used with BackTrack itself.

Each step in this methodology represents an element in the penetration testing life cycle management performed for each customer. The authors describe how this organized progression allows pen testers to determine their course of action, plan for needed resources, and not waste time and resources by duplicating effort. My only complaint is that this section is too small, and deserves expanding using actual case studies.

A considerable number of pen testing tools for each step in the methodology are covered with examples and instruction. Popular tools covered include Metasploit (Meterpreter), Maltego, NMap, NetXpose, and Nessus. Tools for exploiting (uh, testing) Web servers, databases, applications, and even Cisco devices are also covered.

I was very happy to see a chapter on Social Engineering. Experienced pen testers often remark that the most penetrable area of any system is the people who use and control it. The authors provide a detailed description of the psychology, tactics, and objectives of social engineering and how it is used to penetrate the "fleshy" parts of information systems.

This book is intended to educate both novice and experienced pen testers on how to successfully use BackTrack 4. I am sure not every professional pen tester will agree with everything in this book, as it represents the personal experience of only a few people in the profession. However, novices will find a tremendous amount of hands-on practice and enlightening information related to the pen testing profession in clear and readable instructions. Pros should learn a few things about becoming an even more efficient and versatile pen tester too.
44 of 45 people found the following review helpful
4.0 out of 5 stars Good stuff! June 11 2011
By L. Fesenden - Published on Amazon.com
Format:Paperback
Right after I got this book, Backtrack 5 was released. My intention was to go through the book and compare/contrast things to Backtrack 5. Well, we all know the saying about the best laid plans...
That being said, I believe the information in this book to be directly applicable to Backtrack 5 and a good reference for it!

The book is a great tutorial and walk-through on how to use Backtrack for security and penetration testing, but, more than that, it offers good information about the field in general. You will go through software installations, software overviews, methodologies, tests / testing, and my favorite part, reporting and deliverables, a MUST for professional computer people.

I think this is an excellent book to add to your knowledge arsenal and you may be surprised at just how much you didn't know. I know I was. This really is an important subject for computer professionals and I can't think of a better way to brush up than by grabbing a copy today. Thumbs up!
50 of 52 people found the following review helpful
4.0 out of 5 stars Very Good For Backtrack Beginners June 12 2011
By Mathew R Burnett - Published on Amazon.com
Format:Paperback|Verified Purchase
This book was written very well for any BackTrack Beginners. Note going into this book though that BackTrack 5 is now available for free download. The chapters go over a lot of the tools, and you delve into Metasploit and some other Vulnerability Tools as well, though it sometimes seems rushed (which is why I am giving it a 4star instead of 5star rating). I think this book would have been amazing if it had a DVD with extra stuff, or even with the Backtrack ISO on it.

I would recommend this to anyone who doesn't know very much about BackTrack, or anyone who just wants a reference for it. This is also a great book for beginner Pen Testers.
53 of 56 people found the following review helpful
5.0 out of 5 stars BackTrack 4: Assuring Security by Penetration Testing July 11 2011
By Mat - Published on Amazon.com
Format:Paperback
I've always had an interest in BackTrack since version 4, however it seemed to be the one distribution that you couldn't find a recent (or decent) book for. There are a few out there, but both several versions old leaving tidbits and tutorials from assorted websites and YouTube as the sole source of information on the distribution and the toolset contained within. I was fortunate to come across this book from Packt Publishing. BackTrack 4: Assuring Security Testing by Penetration Testing was the book I've been looking for.

This book did wonders for me. Not only did it begin talking about the process and procedures for planning and mapping out your testing, but also goes in-depth detailing and demonstrating the tools following that process. Those are: Target Scoping, Information Gathering, Target Discovery, Enumerating Target, Vulnerability Mapping, Social Engineering, Target Exploitation, Privilege Escalation, and Maintaining Access.

I went through this book with the latest distribution, BackTrack 5. Although the majority of the information was applicable, I still had to pop over to a BackTrack 4 virtual for some of the exercises. Overall, I found this book extremely useful and would definitely recommend it to anyone wanting to learn about penetration and network security or test their home defenses. While not a complete or definitive volume by any means, it is a great foundation for those wanting to start down the path of penetration testing.
43 of 45 people found the following review helpful
5.0 out of 5 stars Very useful manual for security consultants July 20 2011
By D A Hutson - Published on Amazon.com
Format:Paperback
I am one of those security consultants who deal with a number of Fortune 500 companies and government agencies. While engaging in security assessment and auditing projects, a book like "BackTrack 4: Assuring Security by Penetration Testing" values more than just a handful key to recall and play with a number of pen-testing tools. It is a great resource for penetration testers as a reference manual. It has also highlighted all the basic and advanced features of how the pen-testing should be conducted logically. I wish the new version of this book should come out soon to reflect changes within Backtrack v5.