General Overview
This 272‑page book is divided into two major sections: Attack, containing 16 chapters, and Defense, containing 7 chapters. The material is presented mainly in text and graphic form, with occasional code snippets. Each chapter ends with a summary of the material covered. The level of difficulty is medium.
Contents
The following summarizes the book’s contents without delving into the details of each chapter.
PART 1. ATTACK
- Chapter 1. Beginning
- Chapter 2. Gathering Information from Open Sources
- Chapter 3. Acquiring Information from Network Services
- Chapter 4. Attacking Web Applications
- Chapter 5. Social Engineering
- Chapter 6. Password Acquisition
- Chapter 7. Wireless Networks
- Chapter 8. Intercepting Data
- Chapter 9. Bypassing Security Systems
- Chapter 10. Malware
- Chapter 11. Metasploit Framework
- Chapter 12. File Transfer
- Chapter 13. Privilege Escalation
- Chapter 14. Port Forwarding and Tunneling
- Chapter 15. Buffer Overflow
- Chapter 16. Bringing It All Together
PART 2. DEFENSE
- Chapter 17. Personal Example
- Chapter 18. Paperwork
- Chapter 19. Training and Exercises
- Chapter 20. Information Leakage Protection
- Chapter 21. Firewalls
- Chapter 22. Intrusion Detection Systems (IDS)
- Chapter 23. Virtual Private Networks (VPN)
Opinion
Another excellent book on computer security. Alongside Peter Yaworski’s Bug‑trap: A Field Guide to Web Hacking, the material in this book also formed the basis of my presentation at the company where I work on computer‑security topics.
This article is purely a book review and does not serve a recommendation purpose. The tools and methods described in the book are presented solely for informational purposes—and are not a call to action on my part. Moreover, some technologies or practices may be restricted, blocked, or illegal in certain countries, and each reader must evaluate their use independently, taking into account local law and personal responsibility.
