0

I'm currently studying BTEC Diploma in IT LVL3, and so far have basic command of C#, C++, and am going to learn Java basics soon, as we start a new class unit. I also plan on going to the university. I think this is the moment where I should jump into cyber security, as I'm still very young and very interested in penetration testing. I'm experienced with Windows and have good knowledge of Linux, if that helps. I have installed BackTrack, and often download and test various distributions, such as Ubuntu, Debian, Mint and so on. I'm interested in penetration testing of personal computers, as well as websites.

The basic question is where do I start? Which latests books should I buy, to gain basic knowledge and get comfortable with penetration testing? I looked around, and choose two books I could start learning from:

  • Metasploit: The Penetration Tester's Guide
  • Social Engineering: The Art of Human Hacking

I think that when it comes to pen-testing personal computers, the best choice is to use Metasploit. I have used Armitage a few times, but prefer Metasploit. I also know that working with NMAP is basic knowledge when it comes to penetrating computers (port scanning and such), so which books would you recommend for NMAP and website penetration testing?

Is any book listed in here worth getting?

TildalWave
  • 10,801
  • 11
  • 45
  • 84
pipitol
  • 11
  • 2
  • I'd suggest some MS Excel and Word. Metasploit can help also. – ack__ Mar 06 '14 at 19:56
  • Generally by the time an exploit is added to Metsploit's database it has been patched pretty thoroughly. That being said, Metasploit is still a fairly useful tool just for its handler and its sideline features (ie, you can use it to inject script into the macros of word docs). – KnightOfNi Mar 06 '14 at 20:41
  • @ack__, what do you mean by Word and Excel? I mean, those are useful tools, but they don't play a huge role in security (macro injection is about as far as it gets). – KnightOfNi Mar 06 '14 at 20:43
  • 1
    penetrate... tehehe – TruthOf42 Mar 06 '14 at 20:56
  • The main demand at the moment is web application testing, which is a somewhat different set of skills and tools. A very good book is the Web Application Hackers Handbook. – paj28 Mar 06 '14 at 23:38
  • @paj28 does web application testing is the same as pen testing website ? I always get confused when people talking about those two terms. Which is the latest Web Application Hacker Handbook at the moment ? – pipitol Mar 06 '14 at 23:52
  • @pipitol - web app testing is one type of pen testing. What you're talking about with nmap and metasploit is infrastructure testing, which is another type of pen testing. There are many others (WiFi testing, war dialling, etc.) However, web app testing has the greatest demand. It is also where a skilled tester adds the most value. – paj28 Mar 07 '14 at 09:56
  • @paj28 ok final question does most pen testers use metasploit and nmap for infrastructure testing ? I heard from someone that Metasploit is for script kiddies. So web app testing focusing on the website testing not on the applications itself ? – pipitol Mar 08 '14 at 00:43

0 Answers0