The Art Of Software Security Testing

Download The Art Of Software Security Testing full books in PDF, epub, and Kindle. Read online The Art Of Software Security Testing ebook anywhere anytime directly on your device. Fast Download speed and no annoying ads. We cannot guarantee that every ebooks is available!

The Art of Software Security Assessment

Author : Mark Dowd
Publisher : Pearson Education
ISBN 13 : 0132701936
Total Pages : 1432 pages
Book Rating : 4.1/5 (327 download)

DOWNLOAD NOW!

Book Synopsis The Art of Software Security Assessment by : Mark Dowd

Download or read book The Art of Software Security Assessment written by Mark Dowd and published by Pearson Education. This book was released on 2006-11-20 with total page 1432 pages. Available in PDF, EPUB and Kindle. Book excerpt: The Definitive Insider’s Guide to Auditing Software Security This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws. The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications. Coverage includes • Code auditing: theory, practice, proven methodologies, and secrets of the trade • Bridging the gap between secure software design and post-implementation review • Performing architectural assessment: design review, threat modeling, and operational review • Identifying vulnerabilities related to memory management, data types, and malformed data • UNIX/Linux assessment: privileges, files, and processes • Windows-specific issues, including objects and the filesystem • Auditing interprocess communication, synchronization, and state • Evaluating network software: IP stacks, firewalls, and common application protocols • Auditing Web applications and technologies

The Art of Software Security Testing

Author : Chris Wysopal
Publisher : Pearson Education
ISBN 13 : 0132715759
Total Pages : 332 pages
Book Rating : 4.1/5 (327 download)

DOWNLOAD NOW!

Book Synopsis The Art of Software Security Testing by : Chris Wysopal

Download or read book The Art of Software Security Testing written by Chris Wysopal and published by Pearson Education. This book was released on 2006-11-17 with total page 332 pages. Available in PDF, EPUB and Kindle. Book excerpt: State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do. Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities. Coverage includes Tips on how to think the way software attackers think to strengthen your defense strategy Cost-effectively integrating security testing into your development lifecycle Using threat modeling to prioritize testing based on your top areas of risk Building testing labs for performing white-, grey-, and black-box software testing Choosing and using the right tools for each testing project Executing today’s leading attacks, from fault injection to buffer overflows Determining which flaws are most likely to be exploited by real-world attackers

Fuzzing for Software Security Testing and Quality Assurance, Second Edition

Author : Ari Takanen,
Publisher : Artech House
ISBN 13 : 1630815195
Total Pages : 330 pages
Book Rating : 4.6/5 (38 download)

DOWNLOAD NOW!

Book Synopsis Fuzzing for Software Security Testing and Quality Assurance, Second Edition by : Ari Takanen,

Download or read book Fuzzing for Software Security Testing and Quality Assurance, Second Edition written by Ari Takanen, and published by Artech House. This book was released on 2018-01-31 with total page 330 pages. Available in PDF, EPUB and Kindle. Book excerpt: This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects. This book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker’s arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities.

Mobile Application Penetration Testing

Author : Vijay Kumar Velu
Publisher : Packt Publishing Ltd
ISBN 13 : 1785888692
Total Pages : 313 pages
Book Rating : 4.7/5 (858 download)

DOWNLOAD NOW!

Book Synopsis Mobile Application Penetration Testing by : Vijay Kumar Velu

Download or read book Mobile Application Penetration Testing written by Vijay Kumar Velu and published by Packt Publishing Ltd. This book was released on 2016-03-11 with total page 313 pages. Available in PDF, EPUB and Kindle. Book excerpt: Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them About This Book Gain insights into the current threat landscape of mobile applications in particular Explore the different options that are available on mobile platforms and prevent circumventions made by attackers This is a step-by-step guide to setting up your own mobile penetration testing environment Who This Book Is For If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing. What You Will Learn Gain an in-depth understanding of Android and iOS architecture and the latest changes Discover how to work with different tool suites to assess any application Develop different strategies and techniques to connect to a mobile device Create a foundation for mobile application security principles Grasp techniques to attack different components of an Android device and the different functionalities of an iOS device Get to know secure development strategies for both iOS and Android applications Gain an understanding of threat modeling mobile applications Get an in-depth understanding of both Android and iOS implementation vulnerabilities and how to provide counter-measures while developing a mobile app In Detail Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!"Alongside the growing number of devises and applications, there is also a growth in the volume of Personally identifiable information (PII), Financial Data, and much more. This data needs to be secured. This is why Pen-testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches. This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for this application using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loop holes, we'll start securing our applications from these threats. Style and approach This is an easy-to-follow guide full of hands-on examples of real-world attack simulations. Each topic is explained in context with respect to testing, and for the more inquisitive, there are more details on the concepts and techniques used for different platforms.

The Art of Network Penetration Testing

Author : Royce Davis
Publisher : Simon and Schuster
ISBN 13 : 163835071X
Total Pages : 302 pages
Book Rating : 4.6/5 (383 download)

DOWNLOAD NOW!

Book Synopsis The Art of Network Penetration Testing by : Royce Davis

Download or read book The Art of Network Penetration Testing written by Royce Davis and published by Simon and Schuster. This book was released on 2020-11-19 with total page 302 pages. Available in PDF, EPUB and Kindle. Book excerpt: The Art of Network Penetration Testing is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network. Summary Penetration testing is about more than just getting through a perimeter firewall. The biggest security threats are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software. Designed for up-and-coming security professionals, The Art of Network Penetration Testing teaches you how to take over an enterprise network from the inside. It lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Penetration testers uncover security gaps by attacking networks exactly like malicious intruders do. To become a world-class pentester, you need to master offensive security concepts, leverage a proven methodology, and practice, practice, practice. Th is book delivers insights from security expert Royce Davis, along with a virtual testing environment you can use to hone your skills. About the book The Art of Network Penetration Testing is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network. As you brute force passwords, exploit unpatched services, and elevate network level privileges, you’ll learn where the weaknesses are—and how to take advantage of them. What's inside Set up a virtual pentest lab Exploit Windows and Linux network vulnerabilities Establish persistent re-entry to compromised targets Detail your findings in an engagement report About the reader For tech professionals. No security experience required. About the author Royce Davis has orchestrated hundreds of penetration tests, helping to secure many of the largest companies in the world. Table of Contents 1 Network Penetration Testing PHASE 1 - INFORMATION GATHERING 2 Discovering network hosts 3 Discovering network services 4 Discovering network vulnerabilities PHASE 2 - FOCUSED PENETRATION 5 Attacking vulnerable web services 6 Attacking vulnerable database services 7 Attacking unpatched services PHASE 3 - POST-EXPLOITATION AND PRIVILEGE ESCALATION 8 Windows post-exploitation 9 Linux or UNIX post-exploitation 10 Controlling the entire network PHASE 4 - DOCUMENTATION 11 Post-engagement cleanup 12 Writing a solid pentest deliverable

How to Break Software Security

Author : James A. Whittaker
Publisher : Addison-Wesley
ISBN 13 : 9780321194336
Total Pages : 185 pages
Book Rating : 4.1/5 (943 download)

DOWNLOAD NOW!

Book Synopsis How to Break Software Security by : James A. Whittaker

Download or read book How to Break Software Security written by James A. Whittaker and published by Addison-Wesley. This book was released on 2004 with total page 185 pages. Available in PDF, EPUB and Kindle. Book excerpt: Learn how to destroy security bugs in your software from a tester's point-of-view. It focuses your security test on the common vulnerabilities--ther user interface, software dependencies, design, process and memory. (Midwest)

Designing Secure Software

Author : Loren Kohnfelder
Publisher : No Starch Press
ISBN 13 : 1718501935
Total Pages : 330 pages
Book Rating : 4.7/5 (185 download)

DOWNLOAD NOW!

Book Synopsis Designing Secure Software by : Loren Kohnfelder

Download or read book Designing Secure Software written by Loren Kohnfelder and published by No Starch Press. This book was released on 2021-12-21 with total page 330 pages. Available in PDF, EPUB and Kindle. Book excerpt: What every software professional should know about security. Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities. You’ll learn how to: • Identify important assets, the attack surface, and the trust boundaries in a system • Evaluate the effectiveness of various threat mitigation candidates • Work with well-known secure coding patterns and libraries • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more • Use security testing to proactively identify vulnerabilities introduced into code • Review a software design for security flaws effectively and without judgment Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.

Network Security Assessment

Author : Chris McNab
Publisher : "O'Reilly Media, Inc."
ISBN 13 : 059600611X
Total Pages : 396 pages
Book Rating : 4.5/5 (96 download)

DOWNLOAD NOW!

Book Synopsis Network Security Assessment by : Chris McNab

Download or read book Network Security Assessment written by Chris McNab and published by "O'Reilly Media, Inc.". This book was released on 2004 with total page 396 pages. Available in PDF, EPUB and Kindle. Book excerpt: A practical handbook for network adminstrators who need to develop and implement security assessment programs, exploring a variety of offensive technologies, explaining how to design and deploy networks that are immune to offensive tools and scripts, and detailing an efficient testing model. Original. (Intermediate)

The Art of Unit Testing

Author : Roy Osherove
Publisher : Simon and Schuster
ISBN 13 : 1638353050
Total Pages : 459 pages
Book Rating : 4.6/5 (383 download)

DOWNLOAD NOW!

Book Synopsis The Art of Unit Testing by : Roy Osherove

Download or read book The Art of Unit Testing written by Roy Osherove and published by Simon and Schuster. This book was released on 2013-11-24 with total page 459 pages. Available in PDF, EPUB and Kindle. Book excerpt: Summary The Art of Unit Testing, Second Edition guides you step by step from writing your first simple tests to developing robust test sets that are maintainable, readable, and trustworthy. You'll master the foundational ideas and quickly move to high-value subjects like mocks, stubs, and isolation, including frameworks such as Moq, FakeItEasy, and Typemock Isolator. You'll explore test patterns and organization, working with legacy code, and even "untestable" code. Along the way, you'll learn about integration testing and techniques and tools for testing databases and other technologies. About this Book You know you should be unit testing, so why aren't you doing it? If you're new to unit testing, if you find unit testing tedious, or if you're just not getting enough payoff for the effort you put into it, keep reading. The Art of Unit Testing, Second Edition guides you step by step from writing your first simple unit tests to building complete test sets that are maintainable, readable, and trustworthy. You'll move quickly to more complicated subjects like mocks and stubs, while learning to use isolation (mocking) frameworks like Moq, FakeItEasy, and Typemock Isolator. You'll explore test patterns and organization, refactor code applications, and learn how to test "untestable" code. Along the way, you'll learn about integration testing and techniques for testing with databases. The examples in the book use C#, but will benefit anyone using a statically typed language such as Java or C++. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. What's Inside Create readable, maintainable, trustworthy tests Fakes, stubs, mock objects, and isolation (mocking) frameworks Simple dependency injection techniques Refactoring legacy code About the Author Roy Osherove has been coding for over 15 years, and he consults and trains teams worldwide on the gentle art of unit testing and test-driven development. His blog is at ArtOfUnitTesting.com. Table of Contents PART 1 GETTING STARTED The basics of unit testing A first unit test PART 2 CORE TECHNIQUES Using stubs to break dependencies Interaction testing using mock objects Isolation (mocking) frameworks Digging deeper into isolation frameworks PART 3 THE TEST CODE Test hierarchies and organization The pillars of good unit tests PART 4 DESIGN AND PROCESS Integrating unit testing into the organization Working with legacy code Design and testability

Secure and Resilient Software

Author : Mark S. Merkow
Publisher : CRC Press
ISBN 13 : 1439866228
Total Pages : 278 pages
Book Rating : 4.4/5 (398 download)

DOWNLOAD NOW!

Book Synopsis Secure and Resilient Software by : Mark S. Merkow

Download or read book Secure and Resilient Software written by Mark S. Merkow and published by CRC Press. This book was released on 2011-11-18 with total page 278 pages. Available in PDF, EPUB and Kindle. Book excerpt: Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes: Pre-developed nonfunctional requirements that can be reused for any software development project. Documented test cases that go along with the requirements and can be used to develop a Test Plan for the software, Testing methods that can be applied to the test cases provided. Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience.

Penetration Testing

Author : Georgia Weidman
Publisher : No Starch Press
ISBN 13 : 1593275641
Total Pages : 531 pages
Book Rating : 4.5/5 (932 download)

DOWNLOAD NOW!

Book Synopsis Penetration Testing by : Georgia Weidman

Download or read book Penetration Testing written by Georgia Weidman and published by No Starch Press. This book was released on 2014-06-14 with total page 531 pages. Available in PDF, EPUB and Kindle. Book excerpt: Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to: –Crack passwords and wireless network keys with brute-forcing and wordlists –Test web applications for vulnerabilities –Use the Metasploit Framework to launch exploits and write your own Metasploit modules –Automate social-engineering attacks –Bypass antivirus software –Turn access to one machine into total control of the enterprise in the post exploitation phase You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Software Security Engineering

Author : Nancy R. Mead
Publisher : Addison-Wesley Professional
ISBN 13 : 0132702452
Total Pages : 368 pages
Book Rating : 4.1/5 (327 download)

DOWNLOAD NOW!

Book Synopsis Software Security Engineering by : Nancy R. Mead

Download or read book Software Security Engineering written by Nancy R. Mead and published by Addison-Wesley Professional. This book was released on 2004-04-21 with total page 368 pages. Available in PDF, EPUB and Kindle. Book excerpt: Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security. This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”–understanding that software security risks will change throughout the SDLC Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack

Proceedings of Defining the State of the Art in Software Security Tools Workshop

Author : Paul E. Black
Publisher : Createspace Independent Publishing Platform
ISBN 13 : 9781494952136
Total Pages : 114 pages
Book Rating : 4.9/5 (521 download)

DOWNLOAD NOW!

Book Synopsis Proceedings of Defining the State of the Art in Software Security Tools Workshop by : Paul E. Black

Download or read book Proceedings of Defining the State of the Art in Software Security Tools Workshop written by Paul E. Black and published by Createspace Independent Publishing Platform. This book was released on 2005-09-30 with total page 114 pages. Available in PDF, EPUB and Kindle. Book excerpt: This is the proceeding of the workshop on Defining the State of the Art in Software Security Tools held on August 10 and 11, 2005. It was hosted by the Software Diagnostics and Conformance Testing Division, Information Technology Laboratory, at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD, USA.

Fuzzing for Software Security Testing and Quality Assurance

Author : Ari Takanen
Publisher : Artech House
ISBN 13 : 1596932155
Total Pages : 312 pages
Book Rating : 4.5/5 (969 download)

DOWNLOAD NOW!

Book Synopsis Fuzzing for Software Security Testing and Quality Assurance by : Ari Takanen

Download or read book Fuzzing for Software Security Testing and Quality Assurance written by Ari Takanen and published by Artech House. This book was released on 2008 with total page 312 pages. Available in PDF, EPUB and Kindle. Book excerpt: Introduction -- Software vulnerability analysis -- Quality assurance and testing -- Fuzzing metrics -- Building and classifying fuzzers -- Target monitoring -- Advanced fuzzing -- Fuzzer comparison -- Fuzzing case studies.

19 Deadly Sins of Software Security

Author : Michael Howard
Publisher : McGraw-Hill Osborne Media
ISBN 13 :
Total Pages : 308 pages
Book Rating : 4.3/5 (91 download)

DOWNLOAD NOW!

Book Synopsis 19 Deadly Sins of Software Security by : Michael Howard

Download or read book 19 Deadly Sins of Software Security written by Michael Howard and published by McGraw-Hill Osborne Media. This book was released on 2005-07-26 with total page 308 pages. Available in PDF, EPUB and Kindle. Book excerpt: This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins to write this much-needed book. Coverage includes: Windows, UNIX, Linux, and Mac OS X C, C++, C#, Java, PHP, Perl, and Visual Basic Web, small client, and smart-client applications

Software Security

Author : Gary McGraw
Publisher : Addison-Wesley Professional
ISBN 13 : 0321356705
Total Pages : 450 pages
Book Rating : 4.3/5 (213 download)

DOWNLOAD NOW!

Book Synopsis Software Security by : Gary McGraw

Download or read book Software Security written by Gary McGraw and published by Addison-Wesley Professional. This book was released on 2006 with total page 450 pages. Available in PDF, EPUB and Kindle. Book excerpt: A computer security expert shows readers how to build more secure software by building security in and putting it into practice. The CD-ROM contains a tutorial and demo of the Fortify Source Code Analysis Suite.

The Art of Network Penetration Testing

Author : Royce Davis
Publisher : Manning Publications
ISBN 13 : 1617296821
Total Pages : 302 pages
Book Rating : 4.6/5 (172 download)

DOWNLOAD NOW!

Book Synopsis The Art of Network Penetration Testing by : Royce Davis

Download or read book The Art of Network Penetration Testing written by Royce Davis and published by Manning Publications. This book was released on 2020-12-29 with total page 302 pages. Available in PDF, EPUB and Kindle. Book excerpt: The Art of Network Penetration Testing is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network. Summary Penetration testing is about more than just getting through a perimeter firewall. The biggest security threats are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software. Designed for up-and-coming security professionals, The Art of Network Penetration Testing teaches you how to take over an enterprise network from the inside. It lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Penetration testers uncover security gaps by attacking networks exactly like malicious intruders do. To become a world-class pentester, you need to master offensive security concepts, leverage a proven methodology, and practice, practice, practice. Th is book delivers insights from security expert Royce Davis, along with a virtual testing environment you can use to hone your skills. About the book The Art of Network Penetration Testing is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network. As you brute force passwords, exploit unpatched services, and elevate network level privileges, you’ll learn where the weaknesses are—and how to take advantage of them. What's inside Set up a virtual pentest lab Exploit Windows and Linux network vulnerabilities Establish persistent re-entry to compromised targets Detail your findings in an engagement report About the reader For tech professionals. No security experience required. About the author Royce Davis has orchestrated hundreds of penetration tests, helping to secure many of the largest companies in the world. Table of Contents 1 Network Penetration Testing PHASE 1 - INFORMATION GATHERING 2 Discovering network hosts 3 Discovering network services 4 Discovering network vulnerabilities PHASE 2 - FOCUSED PENETRATION 5 Attacking vulnerable web services 6 Attacking vulnerable database services 7 Attacking unpatched services PHASE 3 - POST-EXPLOITATION AND PRIVILEGE ESCALATION 8 Windows post-exploitation 9 Linux or UNIX post-exploitation 10 Controlling the entire network PHASE 4 - DOCUMENTATION 11 Post-engagement cleanup 12 Writing a solid pentest deliverable