I need a relevant text (scientific paper, book chapter etc.) that provides a full overview (big picture) of penetration testing. It should include lists, as complete, consistent and up-to-date as possible, of:

  • types of tests, what can all be pen tested (networks, web apps, wireless...)
  • the most common attacks for every category above
  • the most popular tools for some type of testing.

I don't need another text about white, gray and black box testing. Because of them I can't find what I'm looking for.

On Infosec I have found this classification:

  • Network Services
  • Web Application
  • Client Side
  • Wireless
  • Social Engineering.

On some other sites, I have found different classifications, and every book I've found has its own classification. I understand that maybe there is no single classification, but I need one good enough that the rest of that text (or book) is consistent with its own classification. I have found many books that cover some random mix of attacks that fall in different categories and now I'm confused.

R2-D2

1 Answer

I will link you some good resources at the end of this answer. But I think what you need to understand is that to fully learn something, I don't think you should be focused on trying to learn from one resource. There are tens of thousands of GOOD resources for learning in InfoSec (and in anything, in fact).

Your question seems to point to the fact you want ONE resource. I'm sorry, but you won't get that. Learning is about taking stuff in, understanding it and then being able to execute it; to learn from one resource is honestly... impossible. I'd say impossible. Especially when there is so much to learn in this field.

https://www.amazon.co.uk/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 - This book is fantastic for foundation knowledge, teaches you all kinds of attacks, how to set up a lab (for learning) and it's a good foundation book which I believe a lot of people would recommend.

Here's a question here on InfoSec with resources for web vulnerabilities - Best resources to learn web security attacks?

You can also use this site - https://www.owasp.org/index.php/Main_Page

I would also look at reading this - https://www.amazon.co.uk/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Other than that, just explore the Internet; there are plenty of GREAT resources, but the best advice - don't learn from one place.

EDIT: This might be a good post to look at as well: Penetration testing methodologies

  • Thank you for the fast answer! I actually don't need one book where I can learn all of this. I just need some relevant classifications and an explanation of where the boundaries between them are. For example, I don't understand why wireless pen testing is separated out of network pen testing. When I start to learn some methodology, of course I will find another book that talks only about that. But now, I need a good coarse-grained "map" of the whole field, so if I read about something more detailed later, I would know where that particular sector is on the whole map of penetration testing. – R2-D2 Apr 30 '18 at 17:45
  • @R2-D2 in that case I'd say that the final link in my edit will prove to be pretty helpful. –  Apr 30 '18 at 18:33
  • Yeah, the answer to the question in the final link mentioned PTES (http://www.pentest-standard.org) and there is what I am actually looking for. Just a big picture of the whole process and a mention of the most common tools. And for details on how to do something, the books you mentioned seem awesome. Thank you! – R2-D2 May 07 '18 at 14:15