Document Type | : | BL |
Record Number | : | 602304 |
Doc. No | : | b431523 |
Main Entry | : | Svensson, Robert |
Title & Author | : | From hacking to report writing : an introduction to security and penetration testing / Robert Svensson |
Page. NO | : | 1 online resource (xxii, 190 pages) : illustrations (some color) |
ISBN | : | 9781484222836 |
| : | 1484222830 |
| : | 9781484222829 |
Notes | : | Includes index |
Contents | : | At a Glance; Contents; About the Author; About the Technical Reviewer; Acknowledgments; Preface; Chapter 1: Introduction; Why Security Testing Is Important; Vulnerabilities Are Everywhere; Not Only Hackers Exploit Vulnerabilities; What Is a Security Test?; The Inevitable Weakness of Any Security Test; What's In a Name?; The World's First Security Test; Who Are These Hackers Anyway?; State-Sponsored Actors; Two Examples of State-Sponsored Hacking; Computer Criminals; The SpyEye Botnet; Hacktivists; Welcome to the Central Stupidity Agency; Insider; Edward Snowden; Script Kiddies |
| : | Examples of Script Kiddies; What Is a Threat?; Threats and Threat Agents; Summary; Chapter 2: Security Testing Basics; Types of Security Tests; The Knowledge Factor vs. The Guesswork Factor; On The Job: When Black Box Testing Goes Wrong; Social Engineering; What Is a Vulnerability?; Uncovering Vulnerabilities; The Vulnerability Wheel and the Heartbleed Bug; The Vulnerability Wheel by Example; Zero Day Exploits; How Vulnerabilities Are Scored and Rated; A Real-World Example Using CVSS; Software Development Life Cycle and Security Testing; How Security Testing Can Be Applied to the SDLC |
| : | Security Metrics; What Is Important Data?; Client-Side vs. Server-Side Testing; Summary; Chapter 3: The Security Testing Process; The Process of a Security Test; The Initialization Phase; Setting the Scope; Setting the Scope Using Old Reports; Helping the Client to Set a Good Scope; Pre Security Test System Q&A; Statement of Work; Statement of Work Example: Organization XYZ; Get Out of Jail Free Card; Security Test Execution; Security Test Report; Summary; Chapter 4: Technical Preparations; Collecting Network Traffic; Software Based; Hardware Based; Inform The CSIRT; Keep Track of Things |
| : | A Note on Notes; Software Versioning and Revision Control Systems; Use a Jump Server; Screen; Know Which System You're Testing; The Habit of Saving Complex Commands; Be Verifiable; Visually Recording Your Work; Tools of the Trade; The Worst Tools One Can Possibly Imagine; Bash Lovely Bash; Keep a Command Log; The Security Tester's Software Setup; Virtual Machines for Security Testing; When to Use Hacker Distributions; Metasploit; Don't Be Volatile; End-of-the-Day Checklists; Keep Secrets Safe; Keep Your Backups Secure; Get Liability Insurance |
| : | Automated Vulnerability Scanners (and When to Use Them); The Google Proxy Avoidance Service; When to Connect Via VPN; Summary; Chapter 5: Security Test Execution; Security Test Execution; The Technical Security Test Process; The Layered Approach; The Layered Approach by Example; Identify; Footprinting; Scanning; Enumeration; Exploit; Report; The Circular Approach; When to Use What Approach; The Layered Approach; The Circular Approach; Expecting the Unexpected; The Pre-Security Test System Q&A Taken with a Grain of Salt |
| : | To Test Production Systems or to Not Test Productions Systems -- That Is the Question |
Subject | : | Computer security |
Subject | : | Computer networks -- Security measures |
Dewey Classification | : | 005.8 |
LC Classification | : | QA76.9.A25 |
Added Entry | : | Ohio Library and Information Network |