Customer Review

38 of 41 people found the following review helpful
3.0 out of 5 stars Should be called "Professional Pen Testing Project Management", January 27, 2010
This review is from: Professional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab (Paperback)
I had fairly high hopes for Professional Penetration Testing (PPT). The book looks very well organized, and it is published in the new Syngress style that is a big improvement over previous years. Unfortunately, PPT should be called "Professional Pen Testing Project Management." The vast majority of this book is about non-technical aspects of pen testing, with the remainder being the briefest overview of a few tools and techniques. You might find this book useful if you either 1) know nothing about the field or 2) are a pen testing project manager who wants to better understand how to manage projects. Those looking for technical content would clearly enjoy a book like Professional Pen Testing for Web Applications by Andres Andreu, even though that book is 3 years older and focused on Web apps.

PPT offers 18 chapters, with 12 chapters on project management and non-technical issues, and 6 ostensibly covering technical issues. The technical material is limited to the basics of conducting reconnaissance, running Nmap, Nessus, CORE IMPACT, Ettercap, Aircrack-ng, Netcat for "maintaining access," SSH for an "encrypted tunnel," and trivial file and script changes to "cover tracks." Seriously. I'm sure some review readers are saying "sometimes it's just that easy." That's true, but we don't need a 528 page book with an outrageous price tag to read about these well-known methods. If your experience with pen testing is limited to this book, take a look at Andres Andreu's title to see the sort of material you should expect in a book on pen testing.

I didn't find the project management parts all that helpful, either. Some of it just repeats material published in various guides like the Open Source Security Testing Methodology Manual. Other sections repeat certification descriptions found on vendor Web sites. It is clear the author really cares about project management, so maybe he should have just written a book on project management for security managers?

I gave the book three stars because I didn't find the book to be technically or managerially incorrect. (If that had been the case, I would have rated it two stars.) If you want much better coverage on technical matters not found in Andreu's book, try the core Hacking Exposed titles. They address the same topics that PPT barely introduces.

Comments

Initial post: Jan 27, 2010 11:31:46 PM PST
I'm sorry to hear that your expectations for the book were not met, but honestly it was never targeted at someone with your skill level and understanding of penetration testing. Perhaps if I explained why I wrote the book, it would provide some rationale for its existence.

As a university professor teaching Information System Security at the undergraduate and graduate level to students migrating into the security field, I have had numerous students interested and confused as to how to actually conduct a penetration test. These people came from multiple disciplines and backgrounds and needed a way to understand the process. This book is not intended for an audience with a strong technical background in hacking - it is intended for engineers interested in understanding the business side of penetration testing; it is intended for managers trying to understand what they might experience when confronted with an audit, and eventual pentest; it is intended for those who want to become professional penetration testers, but are either just starting out in the field, or committing to a career change from a different part of the IT world.

I believe this book fills a void in the current literature - there are many outstanding books dedicated to tools and advanced hacks, but few that can introduce novices to the field in a way that is understandable, manageable, and yet challenging. The book has an additional feature that was not addressed in your review - the DVD, which contains three LiveCDs that provide an excellent learning experience for novices and experts alike. The book walks the reader part-way through an easier LiveCD setup, but the more advanced LiveCD is definitely a challenge for all.

Again, I am sorry to hear that the book was not to your liking; I still believe that the book offers the intended audience substantial value.

In reply to an earlier post on Nov 28, 2011 2:10:07 PM PST
[Deleted by the author on Nov 28, 2011 2:19:57 PM PST]

Review Details

Item

3.9 out of 5 stars (10 customer reviews)
5 star: (3)
4 star: (4)
3 star: (2)
2 star: (1)
1 star: (0)

Reviewer


Location: Metro Washington, DC

Top Reviewer Ranking: 13,710