Penetration testing protecting networks and systems

This book is a preparation guide for the CPTE examination, yet is also a general reference for experienced penetration testers, ethical hackers, auditors, security personnel and anyone else involved in the security of an organization's computer systems.

Detalles Bibliográficos
Autor principal: Henry, Kevin M. (-)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Ely, Cambridgeshire : IT Governance Publishing 2012.
Edición:1st edition
Materias:
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628647806719
Tabla de Contenidos:
  • Introduction; Chapter 1: Introduction to Penetration Testing; Case study; Security basics; Risk management; The threat environment; Overview of the steps to penetration testing; Penetration testing versus hacking; Benefits of penetration testing; Summary; Key learning points; Questions; Chapter 2: Preparing to Conduct a Penetration Test; Approval and scope; Planning; Summary; Questions; Chapter 3: Reconnaissance; The start of the test; Physical information gathering; Other data sources; Avoiding footprinting; Key learning points; Questions; Chapter 4: Active Reconnaissance and Enumeration
  • Port scanningCountermeasures to active reconnaissance; Key learning points; Questions; Chapter 5: Vulnerability Assessments; The attack vectors; References and sources of vulnerabilities; Using vulnerability assessment tools; PCI DSS requirements; Malicious code; Reporting on the vulnerability assessment; Key learning points; Questions; Chapter 6: Hacking Windows® and Unix; Having fun; Common hacking initiatives; Defeating data theft; Protecting against unauthorized access; Access controls; Actions of the attacker; Focus on UNIX/Linux; Advanced attacks; Source code review
  • Case study: Attack on a Chinese bankKey learning points; Questions; Chapter 7: Launching the Attack; Steps to an exploit; Attacking wireless networks; Pen testing wireless; Network sniffing; Firewalls; Intrusion detection and prevention systems (IDS/IPS); Key learning points; Questions; Chapter 8: Attacking Web Applications; The steps in attacking a web application; Questions; Chapter 9: Preparing the Report; Determining risk levels; Risk response; Report confidentiality; Delivering the report; Key learning points; Questions; Appendix 1: Linux; Appendix 2: Encryption; Concepts of cryptography
  • Appendix 3: Regulations and LegislationExamples of regulations and legislation; Protection of intellectual property; Appendix 4: Incident Management; Concepts of incident management; Additional Questions and Answers; Answers; References; ITG Resources