Review of "The basics of hacking and penetration testing : ethical hacking and penetration testing made easy. P. Engebretson, Syngress Publishing, Waltham, MA, 2011"

Research output: Contribution to journalBook/Film/Article reviewAcademic

34 Downloads (Pure)

Abstract

This is a book on the “dark side‿ of information technology, as it describes how the vulnerabilities of systems and networks can be exploited to gain unauthorized access. It is important that students and practitioners understand how advanced the state of the art in exploiting vulnerabilities is, since only a deep understanding of the problem will lead to good solutions. Engebretson presents an overview of the tools a penetration tester might use to test the vulnerability of a system or network. The tools are described in some detail, mainly focusing on the syntax of commands. The interpretation of the results is described only superficially. The reader is left wondering what exactly is going on and why. Let me give a few examples to illustrate this point. In several places, the book warns the penetration tester that stealth is important. However, there is no information on how stealthy the various tools are, nor is there a discussion on how to use the tools in the stealthiest manner. The book often suggests that the reader should learn about a particular topic--for example, Internet protocols (p. 53): “To truly master port scanning you will need to have a solid understanding of these protocols.‿ Another example is the discussion (p. 79) of the differences between bind and reverse payloads. The book provides some of the facts, but it does not explain the relevance or the underlying principles. There are no pointers to further studies, references, or even Web pages. What exactly do we have to learn? Why? Where can we find the relevant material? I have read books similar to this one, but on topics that are far from my area of expertise (for example, Nanotechnology for dummies [1]), which I found more readable because the relevance of the topic was clear, and links to further information were provided. In summary: if the reader knows little about networking and is looking for a book that will get him started on penetration testing, then this book may be useful. But it won’t get the reader anywhere near successful penetration tests, because a much better understanding of networking than the book provides will be needed. Unfortunately, the book does not even try to point readers in the right direction to becoming proficient penetration testers. 1) E. Boysen, Nanotechnology for dummiesDummies Series: Dummies Series. Wiley, Indianapolis, IN, 2011.
Original languageUndefined
Pages (from-to)CR140206
Number of pages1
JournalComputing reviews
Issue numberCR140206
Publication statusPublished - 30 May 2012

Keywords

  • IR-80500
  • SCS-Cybersecurity
  • EWI-21893
  • METIS-286375

Cite this

@article{99929a069b9241bfb4b3b50b9e0a081d,
title = "Review of {"}The basics of hacking and penetration testing : ethical hacking and penetration testing made easy. P. Engebretson, Syngress Publishing, Waltham, MA, 2011{"}",
abstract = "This is a book on the “dark side‿ of information technology, as it describes how the vulnerabilities of systems and networks can be exploited to gain unauthorized access. It is important that students and practitioners understand how advanced the state of the art in exploiting vulnerabilities is, since only a deep understanding of the problem will lead to good solutions. Engebretson presents an overview of the tools a penetration tester might use to test the vulnerability of a system or network. The tools are described in some detail, mainly focusing on the syntax of commands. The interpretation of the results is described only superficially. The reader is left wondering what exactly is going on and why. Let me give a few examples to illustrate this point. In several places, the book warns the penetration tester that stealth is important. However, there is no information on how stealthy the various tools are, nor is there a discussion on how to use the tools in the stealthiest manner. The book often suggests that the reader should learn about a particular topic--for example, Internet protocols (p. 53): “To truly master port scanning you will need to have a solid understanding of these protocols.‿ Another example is the discussion (p. 79) of the differences between bind and reverse payloads. The book provides some of the facts, but it does not explain the relevance or the underlying principles. There are no pointers to further studies, references, or even Web pages. What exactly do we have to learn? Why? Where can we find the relevant material? I have read books similar to this one, but on topics that are far from my area of expertise (for example, Nanotechnology for dummies [1]), which I found more readable because the relevance of the topic was clear, and links to further information were provided. In summary: if the reader knows little about networking and is looking for a book that will get him started on penetration testing, then this book may be useful. But it won’t get the reader anywhere near successful penetration tests, because a much better understanding of networking than the book provides will be needed. Unfortunately, the book does not even try to point readers in the right direction to becoming proficient penetration testers. 1) E. Boysen, Nanotechnology for dummiesDummies Series: Dummies Series. Wiley, Indianapolis, IN, 2011.",
keywords = "IR-80500, SCS-Cybersecurity, EWI-21893, METIS-286375",
author = "Hartel, {Pieter H.}",
year = "2012",
month = "5",
day = "30",
language = "Undefined",
pages = "CR140206",
journal = "Computing reviews",
issn = "0010-4884",
publisher = "Association for Computing Machinery (ACM)",
number = "CR140206",

}

TY - JOUR

T1 - Review of "The basics of hacking and penetration testing : ethical hacking and penetration testing made easy. P. Engebretson, Syngress Publishing, Waltham, MA, 2011"

AU - Hartel, Pieter H.

PY - 2012/5/30

Y1 - 2012/5/30

N2 - This is a book on the “dark side‿ of information technology, as it describes how the vulnerabilities of systems and networks can be exploited to gain unauthorized access. It is important that students and practitioners understand how advanced the state of the art in exploiting vulnerabilities is, since only a deep understanding of the problem will lead to good solutions. Engebretson presents an overview of the tools a penetration tester might use to test the vulnerability of a system or network. The tools are described in some detail, mainly focusing on the syntax of commands. The interpretation of the results is described only superficially. The reader is left wondering what exactly is going on and why. Let me give a few examples to illustrate this point. In several places, the book warns the penetration tester that stealth is important. However, there is no information on how stealthy the various tools are, nor is there a discussion on how to use the tools in the stealthiest manner. The book often suggests that the reader should learn about a particular topic--for example, Internet protocols (p. 53): “To truly master port scanning you will need to have a solid understanding of these protocols.‿ Another example is the discussion (p. 79) of the differences between bind and reverse payloads. The book provides some of the facts, but it does not explain the relevance or the underlying principles. There are no pointers to further studies, references, or even Web pages. What exactly do we have to learn? Why? Where can we find the relevant material? I have read books similar to this one, but on topics that are far from my area of expertise (for example, Nanotechnology for dummies [1]), which I found more readable because the relevance of the topic was clear, and links to further information were provided. In summary: if the reader knows little about networking and is looking for a book that will get him started on penetration testing, then this book may be useful. But it won’t get the reader anywhere near successful penetration tests, because a much better understanding of networking than the book provides will be needed. Unfortunately, the book does not even try to point readers in the right direction to becoming proficient penetration testers. 1) E. Boysen, Nanotechnology for dummiesDummies Series: Dummies Series. Wiley, Indianapolis, IN, 2011.

AB - This is a book on the “dark side‿ of information technology, as it describes how the vulnerabilities of systems and networks can be exploited to gain unauthorized access. It is important that students and practitioners understand how advanced the state of the art in exploiting vulnerabilities is, since only a deep understanding of the problem will lead to good solutions. Engebretson presents an overview of the tools a penetration tester might use to test the vulnerability of a system or network. The tools are described in some detail, mainly focusing on the syntax of commands. The interpretation of the results is described only superficially. The reader is left wondering what exactly is going on and why. Let me give a few examples to illustrate this point. In several places, the book warns the penetration tester that stealth is important. However, there is no information on how stealthy the various tools are, nor is there a discussion on how to use the tools in the stealthiest manner. The book often suggests that the reader should learn about a particular topic--for example, Internet protocols (p. 53): “To truly master port scanning you will need to have a solid understanding of these protocols.‿ Another example is the discussion (p. 79) of the differences between bind and reverse payloads. The book provides some of the facts, but it does not explain the relevance or the underlying principles. There are no pointers to further studies, references, or even Web pages. What exactly do we have to learn? Why? Where can we find the relevant material? I have read books similar to this one, but on topics that are far from my area of expertise (for example, Nanotechnology for dummies [1]), which I found more readable because the relevance of the topic was clear, and links to further information were provided. In summary: if the reader knows little about networking and is looking for a book that will get him started on penetration testing, then this book may be useful. But it won’t get the reader anywhere near successful penetration tests, because a much better understanding of networking than the book provides will be needed. Unfortunately, the book does not even try to point readers in the right direction to becoming proficient penetration testers. 1) E. Boysen, Nanotechnology for dummiesDummies Series: Dummies Series. Wiley, Indianapolis, IN, 2011.

KW - IR-80500

KW - SCS-Cybersecurity

KW - EWI-21893

KW - METIS-286375

M3 - Book/Film/Article review

SP - CR140206

JO - Computing reviews

JF - Computing reviews

SN - 0010-4884

IS - CR140206

ER -