'Penetration Testing Essentials' by Sean Philip Oriyano purports to be a beginner-to-intermediate-level introduction to the field of Penetration Testing. Penetration Testing, or Pen Testing, is essentially sanctioned testing carried out to assess an entity's defenses against network intrusion. Familiarity with computer networking concepts is expected of those pursuing this text.
Penetration Testing Essentials
Sean Philip Oriyano
ISBN: 978-81-265-6642-6
Sybex - A Wiley Brand
The book quickly covers the basics of operating systems, networking and cryptography in the first three chapters. Then we get started with things related to Pen Testing. It outlines the entire process: getting approvals to perform the tests, reconnaissance and social engineering, performing scans, using rootkits, backdoors and trojans, and finally reporting the findings. A couple of chapters also discuss wireless networks. Finally, some approaches to 'hardening' host systems and networks are discussed briefly.
What the book manages to do is prime its readers with the introductory jargon that gets bandied about in the trade. Terms like firewalking, wardriving and their variants are discussed. One gets to know about the Intrusion Detection Systems and Intrusion Prevention Systems that an enterprise may deploy, apart from a Firewall, to protect its networks.
Lack of sufficient detail and circumlocutory talk beset the chapters that discuss any otherwise hands-on task in Pen Testing. The book falls short of what it purports by a long shot. While the author advises readers to 'think like a bad guy', little effort is expended in even showing how one might do that. What is discussed is the 'process' - the system of steps, the red tape. It tells you how to wear the doctor's white coat and what to keep in mind when filling out the 'lab report', but little about how to operate. The only aspect covered in some detail is port scanning using the tool nmap. But after a while, even that seems like a poor bargain compared to the manual pages of the tool itself. The 'hands-on' exercises are not useful, as most of them cannot be replicated and are low-resolution screenshots of something, somewhere.
The chapters seem to have been written in an amateurish way - voluminous but fluffy. The language is somewhat grandiose but the content is lacking. I am tempted to compare it with the memes on Donald Trump's way of appeasing the public with words.
What exactly is rooting in the context of an Android device? Well, the simplest explanation is that rooting involves running a process or script on an Android device, and if the execution of this application works as planned, the device should be unlocked and rooted, meaning that the user or whoever has the device is able to do whatever they want. It is because of the power unleashed by rooting a device that the process should only be undertaken by those who are experienced and knowledgeable enough to avoid negatively impacting security of a device.
Writing an essay about what could otherwise be said in a single sentence is a habit of young students that is often made into a joke. Brevity doesn't seem to be the forte of the author either (I am guilty of the same, but hey, I'm not publishing a book). The word count of the book has exploded merely through repetition of words or through saying the same thing in a different way. There are many editorial and printing mistakes too. On the advantages of Wireless Networks, the author writes:
There are many advantages that make wireless a great target of opportunity:
Can go places where wires would be impossible to place and thus easier to access
Available in many places where wired networks do not exist or can’t exist
Extremely common technology
Aren’t the three points essentially one point?
Or, consider this nugget about evading IDS:
When working with an IDS, an effective method of avoiding detection is to employ techniques that defy or evade detection...An evasion attack is very tricky, but it’s effective in tricking an IDS.
There is little new information to be found, and what little there is turns up in very unlikely places. For example, the book gives some pointers to where cross-site scripting attacks might work, but this is listed as an example of how to report vulnerabilities to the people concerned. Other than that, it introduces some concepts that seem very absurd to me. For example:
In the OSI model, TCP/IP resides at Layer 7, the Application layer.
I have never heard of that. Even when the reasons he gives for this make some vague sense, I would have reservations about making one model a part of another so casually.
Somehow, the author manages to show that 'sanctioned tests' are not very interesting - they're full of documentation, paperwork, permissions, yada yada... At each step, the author reminds us to obey the law and the 'process'. This, along with the skimming over of the interesting parts, makes the book a very dreary read. Overall, the book is pretty basic and I feel that it is more suited to absolute beginners than to those with some technical background. At the price the book sells for, I would not advise anyone to buy or read it. It is a waste of time.