About the Book:

The Ethical Hack: A Framework for Business Value Penetration Testing explains the methodologies, framework, and "unwritten conventions" that ethical hacks should employ to provide the maximum value to organizations that want to harden their security. This book is unique in that it goes beyond the technical aspects of penetration testing to address the processes and rules of engagement required for successful tests. It examines testing from a strategic perspective, shedding light on how testing ramifications affect an entire organization.

Critical Issues emphasized in The Ethical Hack and nowhere else:

·         A Focus on methodology over technology. Hacker tools and techniques are relatively well known, so this book instead explains how to apply the information derived from them toward the hardening of organizational security.

·         Interpretation of results. The author recommends expert integration of testing results into security practice, which is surprisingly uncommon.

·         Protecting the innocent. This book provides the framework for protecting security professionals and confidential information during testing.

·         Politics and processes. The text highlights the need for proper communications, expectations, and metrics before testing.

·         Testing procedures. The book is unique in connecting reconnaissance, data collection, vulnerability analysis, exploitation, analysis, and other testing components to overall business objectives.

Contents:

1.    Getting Started

2.    Setting the Stage

3.    The Framework

4.    Information Security Models

5.    Information Security Program

6.    The Business Perspective

7.    Planning for a Controlled Attack

8.    Preparing for a Hack

9.    Reconnaissance

10. Enumeration

11. Vulnerability Analysis

12. Exploitation

13. The Deliverable

14. Integrating the Results

About the Author: