BackTrack 4: Assuring Security by Penetration Testing Paperback – Apr 14 2011

4.6 out of 5 stars 5 customer reviews

Product Details

  • Paperback: 392 pages
  • Publisher: Packt Publishing (April 14 2011)
  • Language: English
  • ISBN-10: 1849513945
  • ISBN-13: 978-1849513944
  • Product Dimensions: 21.6 x 2.3 x 27.9 cm
  • Shipping Weight: 1.1 Kg
  • Average Customer Review: 4.6 out of 5 stars 5 customer reviews
  • Amazon Bestsellers Rank: #453,417 in Books (See Top 100 in Books)

Product Description

About the Author

Shakeel Ali is a main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, compliance, governance, and forensic projects that he carries in day-to-day operations. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses and government institutions globally. He is an active independent researcher who writes various articles, whitepapers, and manages a blog at Ethical-Hacker.net. He regularly participates in BugCon Security Conferences, Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.

Customer Reviews

4.6 out of 5 stars

  • 5 star: 3
  • 4 star: 2
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

Top Customer Reviews

Format: Paperback
This book is not just about learning a bunch of command line tools for p0wning a few poorly-maintained systems. In this book, the authors do a good job exposing the reader to the many facets of pen testing, and present the readers with the opportunity to try a few new things along the way, including virtualization, Linux, and BackTrack itself.

The authors introduce the idea that pen testing is not about randomly using a collection of tools to plink around a network. Instead, a structured, procedural methodology should be used to achieve timely, thorough, and reportable results. The authors also provide a detailed description of a security testing methodology to be used with BackTrack itself.

Each step in this methodology represents an element in the penetration testing life cycle management performed for each customer. The authors describe how this organized progression allows pen testers to determine their course of action, plan for needed resources, and not waste time and resources by duplicating effort. My only complaint is that this section is too small, and deserves expanding using actual case studies.

A considerable number of pen testing tools for each step in the methodology are covered with examples and instruction. Popular tools covered include Metasploit (Meterpreter), Maltego, Nmap, NeXpose, and Nessus. Tools for exploiting (uh, testing) Web servers, databases, applications, and even Cisco devices are also covered.

I was very happy to see a chapter on Social Engineering. Experienced pen testers often remark that the most penetrable area of any system is the people who use and control it.
Format: Paperback
I suppose these tools are going to be in the public domain anyway, so we might as well educate white hats as well as the black hats that may know them already. This book is a complete guide to penetration testing, aimed at potential security consultants. (That's the good part.) The bad part is that this book in the wrong hands can wreak all kinds of havoc; it makes hacking way too easy. The authors do a good job of providing the right level of detail in all sorts of IT disciplines (networking, protocols, remote access, etc.), not spending too much time because there are just too many tools to introduce.

Frightening, yet useful in the right hands. If you are a security testing professional, you really need a copy of this book.
Format: Paperback
The authors tackle a persistent danger to many websites and networks that hang off the Internet, where often the complexity of the operating systems and applications and the interactions between these can open doors to attackers. So the basic idea of penetration testing is to preemptively probe ('attack') your system. Find the weaknesses first, before others do so.

In part, the text offers a good overview of the field, separate from the usages of BackTrack. So you get a summary of several common security testing methodologies. Including the Open Source Security Testing Methodology Manual. If you have a background in science experiments, you'll see clear parallels in how this OSSTMM approach investigates an unknown system.

As far as BackTrack is concerned, its capabilities are explored in depth through most of the text. It does seem to have covered all the bases. Like checking/scanning for open TCP and UDP ports on target machines. Or looking for live machines on a network. One thing that becomes clear is that you can treat BackTrack as a repertoire of free tools. And you can pick just a subset of these tools to initially use against your network, if you have specific needs or suspicions.

To be sure, the recommended usage is a top down one, where you treat BackTrack as an integrated whole and you systematically first plan out your entire testing. No argument from me. You should do this, if you decide to use BackTrack in the first place. But a pragmatic incremental approach might still have some merit. Where you can just choose a tool and look up its usage in the text and run it. Easy to get some experience and confidence.
Format: Paperback
It is one of the best penetration testing guides that helps you to understand and plan the security assessments in accordance with the BackTrack testing process. It also provides powerful and practical insights into various security standards such as OWASP, OSSTMM, WASC-TC, and ISSAF. The book also allows an open alignment for test execution with any of the chosen methodological approaches. This brings "BackTrack 4: Assuring Security By Penetration Testing" to be the best manual written so far. The chapters gradually cover each and every single piece of information that is a must to know for professional penetration testers. I would highly recommend this book to industry professionals working either as a security consultant, architect or analyst. The book itself is an open call for BlackHat, GrayHat and WhiteHat pros to learn an extra mile.
Format: Paperback Verified Purchase
Super...