ACKNOWLEDGMENTS  

We’d like to thank all of the open source security practitioners who have contributed in some way, shape, or form to the greater good of improving and standardizing “information security” practices. To name everyone who has contributed would require a book all to itself, but to name a few, we first would like to say thank you to OWASP for providing foundational learning material on the art of web application security testing. Thank you to all those who contributed to the Open Source Security Testing Methodology Manual (OSSTMM); the Information Systems Security Assessment Framework (ISSAF); the National Institute of Standards and Technology (NIST) Special Publications (SP) 800 series, Penetration Testing Execution Standard (PTES); and the CVE, CWE, CAPEC, and ATT&CK framework provided by MITRE. Thank you to all the other silent contributors who have shared their knowledge and expertise on certain subjects to help inspire the development of certain labs and exercises used in this book. For all of our friends who helped us along the way, thank you. You know who you are!