By Jeremy Faircloth
Reviewed by Joyce Chua, CISA, CISM, CITPM, ITIL, PMP
Penetration Tester’s Open Source Toolkit, 3rd Edition is a learning guide relevant to IT security professionals, ethical hackers and IT auditors who are required to perform and understand penetration testing with open-source tools.
This third edition contains up-to-date content, including information on enterprise application testing, client-side attacks, and updates on Metasploit and Backtrack. Commercial penetration testing tools have questionable accuracy, can be very expensive and are sometimes hard to use. This book helps to solve these problems by offering current open-source, no-cost penetration testing tools that can be modified by the user for different situations. To help the reader, this book expands on existing available instructional tools to provide the reader with the most accurate and in-depth test results.
The book is broken down into 10 chapters: Tools of the Trade, Reconnaissance, Scanning and Enumeration, Client-side Attacks and Human Weaknesses, Hacking Database Services, Web Server and Web Application Testing, Network Devices, Enterprise Application Testing, Wireless Penetration Testing, and Building Penetration Test Labs.
Each chapter begins with an objectives section and the approach taken, followed by a concise discussion of the core technologies and various helpful open-source tools available. The last section of each chapter offers a case study that helps tie together all the information from that chapter. Then, the hands-on challenge section brings the book from passive reading to a practical guide, prompting the reader to proactively take up experimental challenges.
Because this book is loaded with information and is systematically organized, readers do not need to read from beginning to end as they can just start from any chapter. This book also offers many screenshots, illustrations and code examples. It serves as an excellent starting point for readers who are required to understand and assess if penetration testing should be added to an organization’s services or are required to execute penetration testing with minimal cost.
This book is really a treasure trove of open-source penetration testing tools. It supplements existing research and compresses a variety of content from other publications.
Penetration Tester’s Open Source Toolkit, 3rd Edition is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit www.isaca.org/bookstore, email firstname.lastname@example.org or telephone +1.847.660.5650.
Joyce Chua, CISA, CISM, CITPM, ITIL, PMP, is a Global IT Compliance manager for GLOBALFOUNDRIES, one of the world’s top dedicated semiconductor foundries. Chua is a member of the ISACA Publications Subcommittee.