Penetration Tester's Open Source Toolkit
Format: Paperback
Author: Johnny Long
ReleaseDate: 01 June, 2005
Publisher: Syngress Publishing
Excellent kickstart
Excellent kickstart for the budding pentester (such as myself). Covers, as far as I can see, most areas, and creates an appetite for more.
Four stars if you don't have any other security assessment books
If you have no other security assessment books, you may find PTOST helpful. I am not sure why Penetration Tester's Open Source Toolkit (PTOST) was published. Otherwise, I don't believe this book offers enough value to justify purchasing it. Other books -- some published by Syngress -- cover some of the same ideas, and 5 of PTOST's chapters are published in other books anyway.
I was somewhat confused by PTOST's approach. The book features the logo of the Auditor live CD, along with a foreword by Auditor developer Max Moser. A version of Auditor is included with the book. However, PTOST isn't exactly a guide to Auditor. In fact, only on the back cover do we see a listing of the "CD contents." This list is odd since it does not distinguish between categories of tools (e.g., "Forensics") and the tools themselves (e.g., "Autopsy"). At the very least the book should have included an appendix listing the Auditor tools and a summary of their purpose.
PTOST does not feature enough original content to warrant buying the book. I think Osborne's Hacking Exposed, 5th Ed (HE5E) (or even the 4th Ed) addresses the phases of compromise in a more coherent and valuable manner. This is especially true for Ch 1 (Reconnaissance) and Ch 2 (Enumeration and Scanning); is there really anything original left to say on those subjects? I admit that coverage of certain SensePost tools was helpful, and SpiderFoot was cool.
Those looking to learn about database assessment (Ch 3) or Web hacking (Ch 4) would be better served by Syngress' own Special Ops: Host and Network Security for Microsoft, Unix, and Oracle. HE5E has a good chapter on Web hacking, and there's even a Hacking Exposed: Web Applications (HEWA) book. (A second edition of HEWA arrives this year, as does Syngress' new Web Application Security: A Guide for Developers and Penetration Testers.) However, I did like hearing about OScanner, SQLAT, and OAT in Ch 3.
Ch 5 (Wireless Penetration Testing Using Auditor), was one of my favorite chapters. It covered the material well enough, and it covered tools included with Auditor. The case studies were also helpful. Ch 6 (Network Devices) resembled Chs 1 and 2; it didn't contain anything really new. I could not understand why Ch 7 (Writing Open Source Security Tools) appeared in a book more or less about using a penetration testing live CD. The audiences for those using live CDs and those writing their own tools seem very different.
I also liked Ch 8 (Running Nessus from Auditor). Like Ch 5, it looked at the unique problems one encounters using a live CD for security work. For example, author Johnny Long offers multiple ways to update the Nessus plugins to a USB drive. This is exactly the sort of knowledge not found in other Nessus books. He also takes a look behind the scenes of the Nessus startup script on Auditor. Bravo.
I stopped reading PTOST after Ch 8. Why? Chs 9, 12, and 13 are published in Syngress' Writing Security Tools and Exploits (as Chs 9, 10, and 11). Chs 10 and 11 from PTOST are the same as Chs 3 and 4 from Syngress' Nessus, Snort, and Ethereal Power Tools. This tendency to reprint chapters from other books is worrisome.
I believe a second edition of PTOST would be more helpful if it focused strictly on tools found on a future assessment live CD, namely BackTrack. (BackTrack is a new live CD uniting the Auditor and Whax projects.) In fact, the authors might consider taking a case-based approach for the whole book. I thought the case studies in PTOST were some of the best material. For those looking for a comprehensive guide to security assessment, I recommend waiting for a second edition of Special Ops. Those who want a wide-ranging guide to security tools will like the recently published third edition of Osborne's Anti-Hacker Toolkit.
A Good Place to Start
Many of these packages have been collected onto a couple of CDs that are freely distributed. Penetration testers have worked for many years developing a wide series of tools to test the resistance of systems to intrusion. It seems, however, that these people would rather write new code and develop new techniques than write documentation. This book has been written by a series of security experts who have used these routines to test the security of their own systems.
Included with the book is a copy of the Auditor Security Collection of routines. The description of the various routines contains both a description of how to use the software and a description of the problems that the software is attempting to detect. Finally, this book should be viewed as the place to get started in penetration testing. The techniques used by the bad guys continue to evolve. The start you'll get here will enable you to go to the web and perhaps to write/modify the routines to find new holes in your systems.
As the foreword says, here's what you need to get started.