43

What are the books you advise describing methods or steps required to make a successful penetration test?

I have a base knowledge of common security checks, but it would be great if someone more experienced described the full test.

Andrei Botalov
Tornike
  • It's not a book, but you may want to check out Offensive Security's online classes: http://www.offensive-security.com/online-information-security-training/penetration-testing-backtrack/ – Tate Hansen Feb 06 '11 at 05:43
  • Class is great, but costs too much for me. – Tornike Feb 06 '11 at 07:54
  • I *loved* that class. Compared to other security classes it's damn near free, and I certainly had a *great* time absorbing all that material. – Scott Pack Feb 06 '11 at 14:35
  • @Tate: Actually, it is a book. There's a new book on Pen-testing with BackTrack, but I think it is unrelated to the class and OffSec – atdre May 19 '11 at 06:18
  • "BackTrack 4: Assuring Security by Penetration Testing" – atdre May 19 '11 at 06:28

9 Answers

16

I am partial to the appsec side of penetration-testing.

  • Hunting Security Bugs
  • The Art of Software Security Assessment
  • Secure Programming with Static Analysis
  • Open-Source Fuzzing Tools
  • Fuzzing for Software Security Testing and Quality Assurance
  • Gray Hat Hacking, 3rd Edition
  • Advanced Windows Debugging
  • How to Break Software
  • Seven Deadliest Web Application Attacks
  • SQL Injection Attacks and Defense
  • Identifying Malicious Code through Reverse Engineering
  • The Shellcoder's Handbook (both 1st and 2nd Edition since they vary so greatly in content)
  • A Guide to Kernel Exploitation: Attacking the Core
  • Managed Code Rootkits
  • Mobile Application Security
  • Why Programs Fail, 2nd Edition
  • The Mac Hacker's Handbook
  • Gray Hat Python
  • The Software Vulnerability Guide
  • Hacking Exposed Linux, 3rd Edition
  • Code Reading: An Open-Source Perspective

Most of the other answers seemed to be focused on web pen-testing or network pen-testing.

If you really want to learn network pen-testing, I'm surprised there has been no mention of:

  • Silence on the Wire
  • Network Security Assessment, 2nd Edition
  • Aggressive Network Self-Defense
  • Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions
  • Securing the Smart Grid: Next Generation Power Grid Security (useful for more than just Smart Grid stuff -- invaluable, and up-to-date resource for network, web, and app pen-testing)
  • Unauthorized Access: Physical Penetration-Testing for IT Security Teams
  • The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks

If you want to learn the business process side of pen-testing, you'll have to check out Valsmith and H.D. Moore's work on Tactical Exploitation. I also recommend the Trace Security "Social Engineering: The Art of Human Hacking" book and the older "No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing" from people who seem to have done PTES style pen-tests hundreds of times and let go with some practical knowledge of how to deal with situations instead of just technology.

You also may want to check out some fiction (e.g. Zero Day, Stealing the Network: The Complete Series Collector's Edition, Final Chapters) and some non-fiction (Zero Day Threat, Fatal System Error, No Place to Hide, etc). Yes, I've read all of this stuff except Zero Day: A Novel, which I just started. Haven't heard much about "The Lure" or Kingpin yet, but I plan on checking those out as well.

atdre
  • Oh, and just so that everyone knows -- the 2 books that got me into this stuff originally were 1) The Hacker Crackdown and 2) Practical Unix Security – atdre May 19 '11 at 07:23
  • Really good list of books! Why no book on reverse engineering? IDA guide and so on? No Windows Internals? BTW I know some of the authors of these books and I think they are the most talented security people around since the 1990s ;) This one was the right answer to the question. – boos Jul 23 '11 at 16:15
14

I really enjoyed

I have also heard great things about, but haven't read yet,

dmitris
Scott Pack
  • Hacking: The Art of Exploitation and Nmap Network Scanning: Yep, they might be great books but they are mostly focused on some parts of attack. I would recommend the following book: http://oreilly.com/catalog/9780596006112 but I'm still searching for other great books. Thanks anyway. Web app handbook looks really great. – Tornike Feb 05 '11 at 18:30
  • I can vouch for The Web Application Hacker's Handbook. It's a really good book. – Chris Dale Feb 06 '11 at 10:37
  • Again, not a very impressive list. I never liked Erickson's book. The others are overall very cliche and don't answer the original question well. – atdre May 19 '11 at 07:11
  • @tokozedg Chris McNab's book is quite excellent. Good choice! – atdre May 19 '11 at 07:19
  • The Web Application Hacker's Handbook is a wonderful, very detailed and thorough introduction to, as well as reference for, hacking web applications and web application security. Make sure to get the recently published second edition. There are also companion labs at http://mdsec.net/labs/ (for an extra per-hour fee). – dmitris Dec 20 '11 at 14:45
5

You could do much worse than Hacking Exposed. It's a really good introduction to this side of things, along with the associated series like Hacking Linux Exposed and similar books on Windows, Wireless Security etc.

Update: Should have mentioned the OSSTMM as well - as far as general security testing methodology goes, it's not bad.

Andrei Botalov
Rory Alsop
  • -1 for mentioning Hacking Exposed, but +1 for OSSTMM. It evens out and you get no up or down vote from me. Of course you could do worse, there's always this guy: http://attrition.org/errata/charlatan/gregory_evans/ – atdre May 19 '11 at 07:13
3

To an extent it varies depending on the types of testing that you're looking at. Here are some I've liked.

Infrastructure/General

  • Hacking Exposed 6 - canonical series on infrastructure hacking, and has some good information.
  • NMAP Network Scanning - If you use nmap (and if you're testing you will) this book is an excellent way to really get to understand nmap.

Wireless

  • Wi-Foo - getting a bit old now but a good book
  • Hacking Exposed - Wireless 2nd Edition - This one's more recent and also widens out the coverage beyond just 802.11 to Bluetooth, ZigBee and DECT

Web App

  • Web App Hacker's Handbook - Definitive app testing book in my opinion, and I believe that there's a second edition on the way
  • SQL Injection Attacks and Defense - Good in-depth coverage of SQL Injection
  • Professional Pen Testing For Web Applications - This one's getting a little old as well now, but had some good coverage of the process side of things as well as the purely technical aspects.

Other - slightly more specialist topics

  • The Hacker's Handbook series is generally good (Mac, Database, Oracle); the people writing them tend to be very good technically, so they've got some good in-depth information.
  • Exploiting Software - Good look into the non-web applications hacking side of things.
  • Secure programming with static analysis - If you're interested in using static/code analysis as part of testing, this one's a good way to get an understanding of the topic.
claws
Rory McCune
  • Wow, besides the 2 that I listed -- this is overall a very bad list of books. I'd probably recommend "Hacking For Dummies" over this list and I'm not even joking! – atdre May 19 '11 at 07:10
  • Seriously, you'd take hacking for dummies over the Web app hackers handbook?!? ahh well each to their own I guess – Rory McCune May 19 '11 at 12:40
3

My Pick:

  • Penetration Tester’s Open Source Toolkit, Vol. 2
  • Dissecting the Hack: The F0rb1dd3n Network, Revised Edition
  • Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
  • Hacking: The Next Generation (Animal Guide)
  • Gray Hat Hacking, Second Edition: The Ethical Hacker’s Handbook
  • Google Hacking for Penetration Testers
  • Professional Pen Testing for Web Applications (Programmer to Programmer)
  • WarDriving and Wireless Penetration Testing
  • The Hacker’s Handbook: The Strategy Behind Breaking into and Defending Networks

Get the list of other relevant pentesting books here: http://www.ivizsecurity.com/blog/security-books/

RudraK
3

I am missing the following excellent book from the list. Highly recommended:

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

Hans
2

I personally recently bought Gray Hat Hacking, 3rd Edition. It's a pretty good book, but you must have a basis in the industry, which you have. I would also recommend a book on Metasploit, which is used in the Gray Hat book a bit.

cutrightjm
1

I will recommend a book for wireless pentesting: Wireless Pentesting with BackTrack 5. This book is very good for learning wireless penetration testing, and the book is full of practicals.

BackTrack 5 Wireless Penetration Testing Beginner's Guide

The book's author also created a free video series on this book; have a look:

Wireless Exploitation Video Series

Ashish
0

Metasploit penetration testing cookbook is a good book to start learning penetration testing using Metasploit.

abhinav singh