Computing Reviews

Ethical hacking and penetration testing guide
Baloch R., Auerbach Publications, Boston, MA, 2014. 531 pp. Type: Book
Date Reviewed: 06/24/15

This book is a compendium of software tools, some Unix commands, some open source software, and some commercial products that can be used for penetration testing. It is not an introductory book. But with some diligence, the determined ethical hacker can work through it and learn a lot along the way. For the benefit of those readers who are not familiar with the term “ethical hacker,” a short explanation and a few words of definition are in order.

Most, perhaps all, computer networks have vulnerabilities. Many of these areas of vulnerability are well known. To put this into perspective, consider the following scenario.

The homes of most people, perhaps all, have vulnerabilities. Some people, for example, don’t lock their front doors. Once there is a break-in in the neighborhood, most people will begin locking their front doors. But, in case they lock themselves out, many people will put a key under the mat or in a fake stone in the garden. Thieves know this, and once a house is broken into using a key found under the mat, this behavior will probably change as well. As people become more security conscious and begin locking their doors without hidden keys, they don’t think about other entry points like breaking a window. Once a house is broken into through a broken window, residents in the neighborhood begin installing security systems that raise an alarm when glass is broken. And this process continues as the thieves get cleverer and the residents become more serious about security. Of course, different neighborhoods have different levels of security based on the breaches they have experienced. And this is true for networks as well.

Historically, network administrators would establish a reasonable level of security and then respond to threats as they occurred. Just as there is a collection of techniques used by thieves in the neighborhood, such as checking to see if the front door is locked, looking for a key under the mat if it is, and so on, there is a collection of techniques known to technical experts for testing the vulnerabilities in networks. People who use these techniques to penetrate a network are known as hackers; this is just one of the many definitions.

In order to protect their networks from hackers, network administrators can hire people who are well versed in these techniques to look for vulnerabilities. These people are referred to as ethical hackers, and the work they do is called penetration testing. According to the author of this book, “The sole difference between the terms ‘hacking’ and ‘ethical hacking’ is the permission.” And, indeed, the techniques in this book could be used for either purpose.

This book is a good collection of penetration testing techniques, but it is probably not the best place to start for those who are just getting interested in ethical hacking. Readers should have some background in Linux, network protocols, and web technologies, as the coverage in the book is more of a reminder than a tutorial. In addition, the reader will need to be comfortable locating, downloading, and installing software from the web. But, if those prerequisites are not a problem, this book provides a wealth of information on the techniques of penetration testing. It would also be useful as a textbook in a hands-on course in penetration testing with the knowledge gaps being filled in by the instructor.


Reviewer: J. M. Artz. Review #: CR143553 (1509-0750)
