From Hacking To Report Writing // An Introduction to Security and Penetration Testing
- This book will teach you everything you need to know to become a professional security and penetration tester
- This book describes advanced hacking techniques AND how to professionally make use of them
- This book explains how to write detailed reports on security issues that everyone will understand
Learn everything you need to know to become a professional security and penetration tester. It simplifies hands-on security and penetration testing by breaking down each step of the process so that finding vulnerabilities and misconfigurations becomes easy. The book explains how to methodically locate, exploit, and professionally report security weaknesses using techniques such as SQL-injection, denial-of-service attacks, and password hacking.
Although From Hacking to Report Writing will give you the technical know-how needed to carry out advanced security tests, it also offers insight into crafting professional looking reports describing your work and how your customers can benefit from it. The book will give you the tools you need to clearly communicate the benefits of high-quality security and penetration testing to IT-management, executives and other stakeholders.
Embedded in the book are a number of on-the-job stories that will give you a good understanding of how you can apply what you have learned to real-world situations.
We live in a time where computer security is more important than ever. Staying one step ahead of hackers has never been a bigger challenge. From Hacking to Report Writing clarifies how you can sleep better at night knowing that your network has been thoroughly tested.
Table of contents
- Security Basics
- The Security Testing Process
- Technical Preparations
- Security Test Execution
- Identifying Vulnerabilities
- Exploiting Vulnerabilities
- Reporting Vulnerabilities
- Example Reports
- Ten Tips to Become a Better Security Tester
Total pages: 190
Detailed chapter description
Chapter 1 — Introduction
It’s simple. There are no shortcuts. No high-quality security test has ever been carried out without the proper preparations. Even though they are most likely less formal, even hackers of the most vicious kind make preparations of some sort before attacking their victims. Taking the time to thoroughly prepare a security test before execution is the only way to get good results in the long run.Chapter 2 — Security Testing Basics
No two systems are identical. This means that each security test is more or less unique. But having the knowledge to categorize different types of security tests is key to getting a good and valuable result. This chapter explains the industry-standard security test types and how they can be applied to real- world scenarios. What vulnerabilities actually are and how they can be discovered, along with information on how they can be contained through security testing, is discussed in great detail. This chapter also provides an in-depth look at the infamous Heartbleed bug and how that security vulnerability, and others like it, can be handled within a security testing program.Chapter 3 — The Security Testing Process
Many honest attempts have been made to define a universal security testing process. Some attempts to explain such a process have been more widely accepted than others. One of the most well-established processes is the penetration testing execution standard, or PTES.While using the PTES during a security test is a relatively straightforward process, some consider PTES to be too big and too technically oriented to be applied to all security testing scenarios. This chapter will therefore aim to define a security testing process that can be applied to almost any technical environment in any organization.
The following sections will describe how a well-defined security test can transition from the early stages of planning to the delivery of a rock solid presentation that everyone in the organization can benefit from.
Chapter 4 — Technical Preparations
Even the most well-planned security test will eventually fail if the security tester does not have the right tools for the job. This chapter will explain how the security tester can prepare for the technically challenging tasks that lie ahead.The following sections will give tried–and–true advice on how to best prepare oneself for a security test regarding how to capture network traffic, how to keep report drafts confidential, how to document the step- by-step progress of the security test, and much more. The sections will also provide advice on how to put together a reliable security testing platform.
Chapter 5 — Security Test Execution
This chapter is meant to provide a transition from the theoretical aspects of security testing to the hands- on hacking. The following sections will explain different technical approaches to security testing that will result in a well-structured report. This chapter will also address the benefits, and the potential side effects, of running security tests against pre-production and/or production systems.Chapter 6 — Identifying Vulnerabilities
It’s time to start hacking away. After the test scope has been set, the test has been planned and the security tester has prepared her technical platform - then it’s time to get hacking.This chapter will open the door to the tools used by hackers and software testers alike. The pages that are about to follow will dig into the nitty-gritty of many hacking tools and methods used to carry out high- quality security testing.
The reader of this chapter, and the coming chapters, will learn how to configure, launch, and understand the result of today’s most popular hacking software. This includes the technical details of how to scan networks for live and potentially vulnerable hosts, how to identify vulnerable services, and how to break into them - the hacker way.
As we saw in the previous chapter, the identifying vulnerabilities step can be, and sometimes must be, broken down into several smaller substeps (See Figures 5-2 and 5-3 in Chapter 5). One such division is breaking it down into footprinting, scanning, and enumeration. Each of the three is discussed in greater detail below.
Chapter 7 — Exploiting Vulnerabilities
What makes an excellent carpenter? The most obvious answer would, of course, be excellent craftsmanship. But without the right tools, not even the world’s greatest carpenter could make a decent table. The same is true for a security tester; she needs the right tools to carry out a decent security test. These tools are, most of the time, the very same tools that a hacker would use to try to force her way into a system.The chapter will explain how computer systems can be broken into. This includes how to hack conventional password implementations and how to break into traditional services like FTP servers, file- sharing systems, and database management systems.
This chapter will also guide the reader though how to exploit web application vulnerabilities using The Open Web Application Security Project’s top ten list (known as the OWASP Top Ten Project) as a guideline.
Last but not least, this chapter will show in great detail how both hackers and security testers can break their way into databases using SQL injection techniques. The techniques demonstrated for SQL injection will give the reader full insight into one of the most popular attack techniques employed by hackers.
Chapter 8 — Reporting Vulnerabilities
The final report, and how it is presented, can be considered to be the most important step of the security testing process. A good security tester should be able to clearly present her findings to non-tech executives and systems administrators. She should also be able to explain every aspect of her report to everyone else involved in the project regardless of how knowledgeable they are of IT security solutions.Chapter 9 — Example Reports
Included in this chapter are two sample security test reports. They are both based on security issues that have been addressed throughout this book.The first one is a report on a general security test of three Linux-based servers providing a variety of services. It can be considered to be a black box test since little was known regarding the servers to the security tester before the test begun.
The second report is on a handful of web applications running on a single server. This test can be considered to be a gray box test since the security tester had access to data flow diagrams before the test took place.
While they are likely to be somewhat shorter than a real-world security test report since the test scope is rather narrow, both of the sample reports are meant to serve as examples of what a professional looking one could look like.
Although the two reports share much of the same structure, they are different in the sense that the first report was written from a “let’s scan the network and see what we can find” approach while the second report takes on a more checklist type of testing approach. The checklist applied to the testing featured in the second report is based on the well-established OWASP Top Ten list for web application vulnerabilities.