عنوان
پدید آورنده
موضوع
رده
TK5105.59
TK5105
.
59
کتابخانه
محل استقرار
INTERNATIONAL STANDARD BOOK NUMBER
(Number (ISBN
1783284781 (electronic bk.)
(Number (ISBN
9781783284788 (electronic bk.)
Erroneous ISBN
1783284773
Erroneous ISBN
9781783284771
NATIONAL BIBLIOGRAPHY NUMBER
Number
b432262
TITLE AND STATEMENT OF RESPONSIBILITY
Title Proper
Building virtual pentesting labs for advanced penetration testing :
General Material Designation
[Book]
Other Title Information
build intricate virtual architecture to practice any penetration testing technique virtually /
First Statement of Responsibility
Kevin Cardwell.
PHYSICAL DESCRIPTION
Specific Material Designation and Extent of Item
1 online resource (430 pages).
SERIES
Series Title
Community experience distilled
GENERAL NOTES
Text of Note
Description based upon print version of record
Text of Note
Missing function-level access control
CONTENTS NOTE
Text of Note
Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing Penetration Testing; Security testing; Authentication; Authorization; Confidentiality; Integrity; Availability; Non-repudiation; Abstract testing methodology; Planning; Nonintrusive target search; Intrusive target search; Data analysis; Reporting; Myths and misconceptions of pen testing; Summary; Chapter 2: Choosing the Virtual Environment; Open source and free environments; VMware Player; VirtualBox; Xen; Hyper-V; vSphere Hypervisor; Commercial environments
Text of Note
Comparing tests and examinationsTesting viewpoints; Overt and covert; Offensive Security; Other methodologies; Customization; Summary; Chapter 6: Creating an External Attack Architecture; Establishing layered architectures; Configuring firewall architectures; iptables; Deploying IDS/IPS and load balancers; Intrusion Detection System (IDS); Intrusion Prevention System (IPS); Load balancers; Integrating web application firewalls; Summary; Chapter 7: Assessment of Devices; Assessing routers; Evaluating switches; MAC attacks; VLAN hopping attacks; GARP attacks; Attacking the firewall
Text of Note
Identifying the firewall rulesTricks to penetrate filters; Summary; Chapter 8: Architecting an IDS/IPS Range; Deploying a network-based IDS; Implementing the host-based IDS and endpoint security; Working with virtual switches; Evasion; Determining thresholds; Stress testing; Shell code obfuscation; Summary; Chapter 9: Assessment of Web Servers and Web Applications; Analyzing the OWASP Top Ten attacks; Injection flaws; Broken authentication and session management; Cross-Site Scripting; Insecure direct object references; Security misconfiguration; Sensitive data exposure
Text of Note
The attacker machineRouter; Firewall; Web server; Summary; Chapter 5: Identifying a Methodology; The OSSTMM; The Posture Review; Logistics; Active detection verification; Visibility Audit; Access verification; Trust verification; Control verification; Process verification; Configuration verification; Property validation; Segregation review; Exposure verification; Competitive intelligence scouting; Quarantine verification; Privileges audit; Survivability validation; Alert and log review; CHECK; NIST SP-800-115; The information security assessment methodology; Technical assessment techniques
Text of Note
VSphereVMware Player Plus; XenServer; VMware Workstation; Image conversion; Converting from a physical to virtual environment; Summary; Chapter 3: Planning a Range; Planning; What are we trying to accomplish?; By when do we have to accomplish it?; Identifying vulnerabilities; Vulnerability sites; Vendor sites; Summary; Chapter 4: Identifying Range Architecture; Building the machines; Building new machines; Conversion; Cloning a virtual machine; Selecting network connections; The bridged setting; Network Address Translation; The host-only switch; The custom settings; Choosing range components
0
8
8
8
8
SUMMARY OR ABSTRACT
Text of Note
Written in an easy-to-follow approach using hands-on examples, this book helps you create virtual environments for advanced penetration testing, enabling you to build a multi-layered architecture to include firewalls, IDS/IPS, web application firewalls, and endpoint protection, which is essential in the penetration testing world. If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pen testing labs in varying industry scenarios, this is the book for you. This book is ideal if yo
ACQUISITION INFORMATION NOTE
Source for Acquisition/Subscription Address
Safari Books Online
Stock Number
CL0500000457
OTHER EDITION IN ANOTHER MEDIUM
Title
Building Virtual Pentesting Labs for Advanced Penetration Testing
International Standard Book Number
9781783284771
TOPICAL NAME USED AS SUBJECT
Computer networks-- Security measures.
Computer security-- Testing.
Computers-- Access control.
Computer networks-- Monitoring.
Computer networks-- Security measures.
Computer security.
Computers-- Access control.
(SUBJECT CATEGORY (Provisional
COM-- 053000
DEWEY DECIMAL CLASSIFICATION
Number
005
.
8
LIBRARY OF CONGRESS CLASSIFICATION
Class number
TK5105
.
59
PERSONAL NAME - PRIMARY RESPONSIBILITY
Cardwell, Kevin.
ORIGINATING SOURCE
Date of Transaction
20140903101357.0
Cataloguing Rules (Descriptive Conventions))
rda
ELECTRONIC LOCATION AND ACCESS
Electronic name
مطالعه متن کتاب [Book]
Y
