Overview

Penetration Testing: Protecting networks and systems is a preparation guide for the CPTE examination. It describes the range of techniques employed by professional pen testers, and also includes advice on the preparation and delivery of the test report. The author's in-the-field experiences, combined with other real-world examples, are used to illustrate common pitfalls that can be encountered during testing and reporting. 

Full Product Details

Author:   Kevin Henry ,  IT Governance Publishing
Publisher:   IT Governance Publishing
Imprint:   IT Governance Publishing
Dimensions:   Width: 14.00cm , Height: 1.30cm , Length: 21.60cm
Weight:   0.277kg
ISBN:  

9781849283717

ISBN 10:   1849283710
Pages:   234
Publication Date:   21 June 2012
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Active
Availability:   In Print  
This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us.

Table of Contents

Introduction Chapter 1: Introduction to Penetration Testing Case study Security basics Risk management The threat environment Overview of the steps to penetration testing Penetration testing versus hacking Benefits of penetration testing Summary Key learning points Questions Chapter 2: Preparing to Conduct a Penetration Test Approval and scope Planning Summary Questions Chapter 3: Reconnaissance The start of the test Physical information gathering Other data sources Avoiding footprinting Key learning points Questions Chapter 4: Active Reconnaissance and Enumeration Port scanning Countermeasures to active reconnaissance Key learning points Questions Chapter 5: Vulnerability Assessments The attack vectors References and sources of vulnerabilities Using vulnerability assessment tools PCI DSS requirements Malicious code Reporting on the vulnerability assessment Key learning points Questions Chapter 6: Hacking Windows(R) and UNIX Having fun Common hacking initiatives Defeating data theft Protecting against unauthorized access Access controls Actions of the attacker Focus on UNIX/Linux Advanced attacks Source code review Case study: Attack on a Chinese bank Key learning points Questions Chapter 7: Launching the Attack Steps to an exploit Attacking wireless networks Pen testing wireless Network sniffing Firewalls Intrusion detection and prevention systems (IDS/IPS). Key learning points Questions Chapter 8: Attacking Web Applications The steps in attacking a web application Questions Chapter 9: Preparing the Report Determining risk levels Risk response Report confidentiality Delivering the report Key learning points Questions Appendix 1: Linux Appendix 2: Encryption Concepts of cryptography Appendix 3: Regulations and Legislation Examples of regulations and legislation Protection of intellectual property Appendix 4: Incident Management Concepts of incident management Additional Questions and Answers Answers References ITG Resources

Reviews

Author Information

Kevin Henry has 35 years’ experience working on computer systems, initially as an operator on the largest mini-computer installation in Canada, and then in various programmer and analyst roles before moving into computer audit and security. Kevin currently provides security auditing, training and educational programs for major clients and governments around the world and is a frequent speaker on the security conference circuit. 

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions