Publisher: Packt Publishing
If you want to start practicing penetration testing, you will need a test lab. This book will tell you what you need in order to do it, how to set it up, and how to use it in a simple, straightforward manner.
About the author
Vyacheslav Fadyushin started as a lead information security officer at a power engineering company and continued as a lead information security consultant. He acquired a lot of diverse experience and skills performing various information security audits, and consulting and penetration testing projects with major CIS companies.
Inside the book
The book's preface is a must-read, as it contains a list of hardware and software you'll need to set up a pentesting lab, as well as the text conventions used throughout the book, which will make it easier to follow the "plot."
After a short overview of penetration testing types and typical workflow, the author offers a list of cons for setting up your own lab - some of which you might not have thought about - and explains each of them. He finishes the chapter with important rules that should help you avoid legal problems and a list of suggested reading materials (Hacking Exposed 7 among them).
Planning your lab environment will require you to consider which skills you want to practice and whether you want to test networks, Web applications or Wi-Fi. You'll learn how to determine lab requirements, size, resources and architecture, and you'll do it by consulting a series of helpful tables and lists. You'll also be "lectured" on pros and cons of virtualization solutions.
Each of the subsequent chapters addresses one type of pentesting lab (network security, Web app and Wi-Fi). Setting them up and configuring them becomes easy with the thorough step-by-step guides the author has created. He explains the steps, offers some alternative solutions and configurations, and adds tips that might come in handy.
The chapters are sprinkled with helpful screenshots, and end with links to great additional sources of information about each topic, and additional vulnerable web apps to test with impunity.
Finally, the author reviews some popular public online penetration testing labs.
This book is perfect for absolute beginners who feel overwhelmed by the subject and are unsure where to start. Theory is all good and well - and hopefully those picking up this book have already absorbed some basic knowledge about penetration testing - but this book provides a clear step-by-step guide for starting you along this chosen path.
I enjoyed the no-nonsense, clear approach, and felt that not a word was out of place or too much.