| | Copyright |
| | About the Authors |
| | About the Technical Reviewers |
| | Acknowledgments |
| | Icons Used in This Book |
| | Command Syntax Conventions |
| | Foreword |
| | Introduction |
| | | Who Should Read this Book |
| | | Ethical Considerations |
| | | How This Book Is Organized |
| | Part I: Overview of Penetration Testing |
| | | Chapter 1. Understanding Penetration Testing |
| | | Defining Penetration Testing |
| | | Assessing the Need for Penetration Testing |
| | | Attack Stages |
| | | Choosing a Penetration Testing Vendor |
| | | Preparing for the Test |
| | | Summary |
| | | Chapter 2. Legal and Ethical Considerations |
| | | Ethics of Penetration Testing |
| | | Laws |
| | | Logging |
| | | To Fix or Not to Fix |
| | | Summary |
| | | Chapter 3. Creating a Test Plan |
| | | Step-by-Step Plan |
| | | Open-Source Security Testing Methodology Manual |
| | | Documentation |
| | | Summary |
| | Part II: Performing the Test |
| | | Chapter 4. Performing Social Engineering |
| | | Human Psychology |
| | | What It Takes to Be a Social Engineer |
| | | First Impressions and the Social Engineer |
| | | Tech Support Impersonation |
| | | Third-Party Impersonation |
| | | E-Mail Impersonation |
| | | End User Impersonation |
| | | Customer Impersonation |
| | | Reverse Social Engineering |
| | | Protecting Against Social Engineering |
| | | Case Study |
| | | Summary |
| | | Chapter 5. Performing Host Reconnaissance |
| | | Passive Host Reconnaissance |
| | | Active Host Reconnaissance |
| | | Port Scanning |
| | | NMap |
| | | Detecting a Scan |
| | | Case Study |
| | | Summary |
| | | Chapter 6. Understanding and Attempting Session Hijacking |
| | | Defining Session Hijacking |
| | | Tools |
| | | Beware of ACK Storms |
| | | Kevin Mitnick's Session Hijack Attack |
| | | Detecting Session Hijacking |
| | | Protecting Against Session Hijacking |
| | | Case Study |
| | | Summary |
| | | Resources |
| | | Chapter 7. Performing Web Server Attacks |
| | | Understanding Web Languages |
| | | Website Architecture |
| | | E-Commerce Architecture |
| | | Web Page Spoofing |
| | | Cookie Guessing |
| | | Brute Force Attacks |
| | | Tools |
| | | Detecting Web Attacks |
| | | Protecting Against Web Attacks |
| | | Case Study |
| | | Summary |
| | | Chapter 8. Performing Database Attacks |
| | | Defining Databases |
| | | Testing Database Vulnerabilities |
| | | Securing Your SQL Server |
| | | Detecting Database Attacks |
| | | Protecting Against Database Attacks |
| | | Case Study |
| | | Summary |
| | | References and Further Reading |
| | | Chapter 9. Password Cracking |
| | | Password Hashing |
| | | Password-Cracking Tools |
| | | Detecting Password Cracking |
| | | Protecting Against Password Cracking |
| | | Case Study |
| | | Summary |
| | | Chapter 10. Attacking the Network |
| | | Bypassing Firewalls |
| | | Evading Intruder Detection Systems |
| | | Testing Routers for Vulnerabilities |
| | | Testing Switches for Vulnerabilities |
| | | Securing the Network |
| | | Case Study |
| | | Summary |
| | | Chapter 11. Scanning and Penetrating Wireless Networks |
| | | History of Wireless Networks |
| | | Antennas and Access Points |
| | | Wireless Security Technologies |
| | | War Driving |
| | | Tools |
| | | Detecting Wireless Attacks |
| | | Case Study |
| | | Summary |
| | | Chapter 12. Using Trojans and Backdoor Applications |
| | | Trojans, Viruses, and Backdoor Applications |
| | | Common Viruses and Worms |
| | | Trojans and Backdoors |
| | | Detecting Trojans and Backdoor Applications |
| | | Prevention |
| | | Case Study |
| | | Summary |
| | | Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers |
| | | General Scanners |
| | | UNIX Permissions and Root Access |
| | | Microsoft Security Models and Exploits |
| | | Novell Server Permissions and Vulnerabilities |
| | | Detecting Server Attacks |
| | | Preventing Server Attacks |
| | | Case Study |
| | | Summary |
| | | Chapter 14. Understanding and Attempting Buffer Overflows |
| | | Memory Architecture |
| | | Buffer Overflow Examples |
| | | Preventing Buffer Overflows |
| | | Case Study |
| | | Summary |
| | | Chapter 15. Denial-of-Service Attacks |
| | | Types of DoS Attacks |
| | | Tools for Executing DoS Attacks |
| | | Detecting DoS Attacks |
| | | Preventing DoS Attacks |
| | | Case Study |
| | | Summary |
| | | Chapter 16. Case Study: A Methodical Step-By-Step Penetration Test |
| | | Case Study: LCN Gets Tested |
| | | DAWN Security |
| | Part III: Appendixes |
| | | Appendix A. Preparing a Security Policy |
| | | What Is a Security Policy? |
| | | Risk Assessment |
| | | Basic Policy Requirements |
| | | Security Policy Implementation and Review |
| | | Preparing a Security Policy in Ten Basic Steps |
| | | Reference Links |
| | | Appendix B. Tools |
| | | Performing Host Reconnaissance (Chapter 5) |
| | | Understanding and Attempting Session Hijacking (Chapter 6) |
| | | Performing Web-Server Attacks (Chapter 7) |
| | | Performing Database Attacks (Chapter 8) |
| | | Cracking Passwords (Chapter 9) |
| | | Attacking the Network (Chapter 10) |
| | | Scanning and Penetrating Wireless Networks (Chapter 11) |
| | | Using Trojans and Backdoor Applications (Chapter 12) |
| | | Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13) |
| | | Understanding and Attempting Buffer Overflows (Chapter 14) |
| | | Denial-of-Service Attacks (Chapter 15) |
| | Glossary |
| | | A |
| | | B |
| | | C |
| | | D |
| | | E |
| | | F |
| | | H |
| | | I |
| | | J K L |
| | | M |
| | | N |
| | | O P |
| | | R |
| | | S |
| | | T |
| | | U |
| | | V |
| | | W |
| | Index |