The Pentester BluePrint
eBook - ePub

The Pentester BluePrint

Starting a Career as an Ethical Hacker

Phillip L. Wylie, Kim Crawley

  1. English
  2. ePUB (handyfreundlich)
  3. Über iOS und Android verfügbar
eBook - ePub

The Pentester BluePrint

Starting a Career as an Ethical Hacker

Phillip L. Wylie, Kim Crawley

Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben

Über dieses Buch

JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER

The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.

You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.

Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing.

Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:

  • The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems
  • The development of hacking skills and a hacker mindset
  • Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study
  • Which certifications and degrees are most useful for gaining employment as a pentester
  • How to get experience in the pentesting field, including labs, CTFs, and bug bounties

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist The Pentester BluePrint als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu The Pentester BluePrint von Phillip L. Wylie, Kim Crawley im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Ciencia de la computación & Ciberseguridad. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag
Wiley
Jahr
2020
ISBN
9781119684374
Auflage
1
Thema
Ciencia de la computación
Thema
Ciberseguridad

1
What Is a Pentester?

What is a pentester? Although the term may have you thinking of someone who works in quality assurance for an ink pen manufacturing plant, it's actually short for “penetration tester.” Pentesters are commonly known as ethical hackers.
When you think of the term penetration tester, it makes more sense when you think about someone trying to penetrate the security of a computer, a network, the building in which a network is located, or a website. While the term ethical hacker is a little easier to understand, people are surprised to hear that such a job exists. Pentesters assess the security of computers, networks, and websites by looking for and exploiting vulnerabilities–commonly known as hacking.
To be clear, not all hackers are bad. Nevertheless, the terms hacker and hacking have been vilified for many years. Ethical hackers use their skills for good to help uncover vulnerabilities that could be exploited by malicious hackers.
The hackers you hear about in the news who are committing crimes should be labeled as cyber criminals. While they are using hacking to commit illegal activities, the intent and purpose of their efforts should be distinguished from pentesting, which is a way to see how cyberattackers can exploit a network for the benefit of security.
Before we get further into the topic, consider the wisdom of a particular philosopher:
With great power comes great responsibility.
François Voltaire
You will need permission to hack; otherwise, it would be considered illegal. This quote is a good way to ingrain that message. Prior to starting a pentest, written permission must be obtained.

Synonymous Terms and Types of Hackers

Various terms are synonymous with pentesters and malicious hackers, and we will discuss them to help you understand what each means. The following terms are often used interchangeably and are useful to know.
The most common types of hackers are known as white hat, gray hat, and black hat hackers. These terms were taken from old westerns, where hats were used as a descriptor to tell the good guys from the bad guys:
  • White hat hackers Ethical hackers (aka pentesters).
  • Gray hat hackers: Gray hats fall into a fuzzy area. Their intent is not always malicious, but it is not always ethical either.
  • Black hat hackers: Their intent and purpose are illegal. Cyber criminals fall into this category.
Other commonly used terms for pentesting and pentesters include ethical hackers, offensive security, and adversarial security.
Pentesters are sometimes referred to as the red team, and defensive security is referred to as the blue team. Although red team is used for offensive security in general, true red teams perform adversarial simulation to emulate malicious hackers and test the blue team. Sometimes companies will also have a purple team. Mix red and blue and you get purple! A purple team is simply a small group of people who help to facilitate communication between the red team and blue team. The red team finds vulnerabilities and exploits, and the blue team uses the red team's findings to security harden their networks.
There are also commonly used terms for malicious hackers. Out of respect for good hackers, it is advised that you use these terms rather than the generic term “hacker”:
  • Threat actor
  • Cyber criminals
  • Black hat hackers, or black hats for short
Another way that hacking is used is through hacktivism. Hacktivists are activists that use their hacking skills to support social change, human rights, freedom of speech, or environmental causes. These are still cyberattacks. Even though the hacktivists' motivation may be to help a good cause, these activities are still illegal.
Graphic depiction that Chapter 1 focuses on what a pentester is, why are pentests needed, and what are the legalities involved.

Pentests Described

Pentests assess security from an adversarial perspective. This type of security assessment is the only way to uncover exploitable vulnerabilities and understand their risks. Vulnerability scanning alone or running an application to find vulnerabilities in targeted computers and devices only detects limited vulnerabilities, and by successfully exploiting or hacking the discovered vulnerabilities, it is possible to find ones that would have otherwise gone undetected.
This approach to security testing allows pentesters to mimic a malicious hacker in order to traverse the complex layers of systems to detect vulnerabilities beneath the surface. A vulnerability scan alone misses exploitable security flaws that are only visible on the surface of the system. Getting past the initial system layer allows you to assess security to see how far an attacker could get into your system, or to see if the possibility exists to access and compromise other systems or networks.
Pentesters use similar, or sometimes the same, tactics, techniques, and procedures (TTPs) as are used by cyber criminals. The emulation of an adversary can vary with the type and scope of a test, which we will cover in greater depth in the sections that follow. Pentests are performed on a variety of computers and networking devices. As humans are often fooled in order to conduct cyberattacks, sometimes you may be asked to test them as well. As technology evolves, newer technologies can become targets for testing. Too seldom, security is an afterthought when it should be considered up-front in the design phase.

Benefits and Reasons

The benefits and reasons for conducting pentests have become more recognized by private- and public-sector organizations, and the need to conduct them continues to grow. A decade ago, pentests were typically performed by consultants or contractors. Most companies did not employ their own pentesters, but as the need increased, more companies built their own pentesting teams.
The benefit of pentesting is that it provides a view of the security posture from an adversary's point of view. As we discussed, the best way to understand how an adversary sees security is to have a pentest performed.
Some of the most common reasons for pentests are as follows:
  • Discovering and remediating vulnerabilities in order to mitigate possible breaches.
  • Regulatory compliance is a major driver for companies to conduct pentests. Of course, this should not be the only reason—security should be the main purpose. Nonetheless, Payment Card Industry-Data Security Standard (PCI-DSS) and General Data Protection Regulation (GDPR) are two major regulations. They pertain to payment systems ranging from those seen in brick-and-mortar stores to those implemented in ecommerce.
Knowledge of pentesting techniques is helpful to more than just pentesters. Understanding how malicious hackers think, as well as the TTPs used by cyber criminals, are helpful to defenders in all areas of information security.
Some areas that can benefit from an understanding of pentesting are as follows:
  • Security operations center (SOC) analysts
  • Network security analysts and engineers
  • Digital forensics and incident response (DFIR)
  • Purple teams (a collaboration of defensiv...

Inhaltsverzeichnis

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Foreword
  5. Introduction
  6. 1 What Is a Pentester?
  7. 2 Prerequisite Skills
  8. 3 Education of a Hacker
  9. 4 Education Resources
  10. 5 Building a Pentesting Lab
  11. 6 Certifications and Degrees
  12. 7 Developing a Plan
  13. 8 Gaining Experience
  14. 9 Getting Employed as a Pentester
  15. Appendix: The Pentester Blueprint
  16. Glossary
  17. Index
  18. End User License Agreement
Zitierstile für The Pentester BluePrint

APA 6 Citation

Wylie, P., & Crawley, K. (2020). The Pentester BluePrint (1st ed.). Wiley. Retrieved from https://www.perlego.com/book/2010332/the-pentester-blueprint-starting-a-career-as-an-ethical-hacker-pdf (Original work published 2020)

Chicago Citation

Wylie, Phillip, and Kim Crawley. (2020) 2020. The Pentester BluePrint. 1st ed. Wiley. https://www.perlego.com/book/2010332/the-pentester-blueprint-starting-a-career-as-an-ethical-hacker-pdf.

Harvard Citation

Wylie, P. and Crawley, K. (2020) The Pentester BluePrint. 1st edn. Wiley. Available at: https://www.perlego.com/book/2010332/the-pentester-blueprint-starting-a-career-as-an-ethical-hacker-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Wylie, Phillip, and Kim Crawley. The Pentester BluePrint. 1st ed. Wiley, 2020. Web. 15 Oct. 2022.