Saturday, June 4, 2011

BT4 Assuring Security by Penetration Testing

If you are working in the “information security” field, you must know the BackTrack distribution (otherwise you must be an alien coming from a far away planet!). If you search for the word “backtrack” on Amazon, you will find lot of references but only one book is fully dedicated to the Linux distribution: “BackTrack 4: Assuring Security by Penetration Testing“. I received a copy directly from the publisher and here is my review.

Just for those who are not familiar with BackTrack, it’s a Linux distribution made by security professionals for security professionals: It contains hundreds of tools to perform security assessments and penetration tests. Some of them are well-known like Metasploit, WebScarab or sqlmap and others are real gems (example: ua-tester which was added recently) and  increase the quality of the toolbox version after version.
Even if BackTrack 5 was released a few weeks ago, it does not reduce the book quality. There are so many tools that a single volume is not enough to cover all of them.The following chapters covered the classic penetration testing schema:
  • Target scoping
  • Information gathering
  • Target discovery
  • Enumerating target
  • Vulnerability mapping
  • Social engineering
  • Target exploitation
  • Privilege escalation
  • Maintaining access
  • Documentation and reporting
Each chapter reviews the most interesting tools (according to the authors) to achieve the chapter topic. Tools are briefly explained with examples. Straight to the point!
So, who’s need this book? The author’s goal is certainly not to give recipes on “how to hack a website“. The book must been see as a reference for those who already know the BackTrack distribution or who want to learn it. Don’t forget: this is just a toolbox, it does not prevent you to use your brain!
More information about the book here.
Regards
Adnan Anjum.

0 comments:

Post a Comment