Table of Contents for Hacking For Dummies, 6th Edition
by Kevin Beaver
Cover
Introduction
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
Part 1: Building the Foundation for Security Testing
Chapter 1: Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology
Recognizing How Malicious Attackers Beget Ethical Hackers
Understanding the Need to Hack Your Own Systems
Understanding the Dangers Your Systems Face
Following the Security Assessment Principles
Using the Vulnerability and Penetration Testing Process
Chapter 2: Cracking the Hacker Mindset
What You’re Up Against
Who Breaks into Computer Systems
Why They Do It
Planning and Performing Attacks
Maintaining Anonymity
Chapter 3: Developing Your Security Testing Plan
Establishing Your Goals
Determining Which Systems to Test
Creating Testing Standards
Selecting Security Assessment Tools
Chapter 4: Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Scanning Systems
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
Part 2: Putting Security Testing in Motion
Chapter 5: Information Gathering
Gathering Public Information
Mapping the Network
Chapter 6: Social Engineering
Introducing Social Engineering
Starting Your Social Engineering Tests
Knowing Why Attackers Use Social Engineering
Understanding the Implications
Performing Social Engineering Attacks
Social Engineering Countermeasures
Chapter 7: Physical Security
Identifying Basic Physical Security Vulnerabilities
Pinpointing Physical Vulnerabilities in Your Office
Chapter 8: Passwords
Understanding Password Vulnerabilities
Cracking Passwords
General Password Cracking Countermeasures
Securing Operating Systems
Part 3: Hacking Network Hosts
Chapter 9: Network Infrastructure Systems
Understanding Network Infrastructure Vulnerabilities
Choosing Tools
Scanning, Poking, and Prodding the Network
Detecting Common Router, Switch, and Firewall Weaknesses
Putting Up General Network Defenses
Chapter 10: Wireless Networks
Understanding the Implications of Wireless Network Vulnerabilities
Choosing Your Tools
Discovering Wireless Networks
Discovering Wireless Network Attacks and Taking Countermeasures
Chapter 11: Mobile Devices
Sizing Up Mobile Vulnerabilities
Cracking Laptop Passwords
Cracking Phones and Tablets
Part 4: Hacking Operating Systems
Chapter 12: Windows
Introducing Windows Vulnerabilities
Choosing Tools
Gathering Information About Your Windows Vulnerabilities
Detecting Null Sessions
Checking Share Permissions
Exploiting Missing Patches
Running Authenticated Scans
Chapter 13: Linux and macOS
Understanding Linux Vulnerabilities
Choosing Tools
Gathering Information About Your System Vulnerabilities
Finding Unneeded and Unsecured Services
Securing the .rhosts and hosts.equiv Files
Assessing the Security of NFS
Checking File Permissions
Finding Buffer Overflow Vulnerabilities
Checking Physical Security
Performing General Security Tests
Patching
Part 5: Hacking Applications
Chapter 14: Communication and Messaging Systems
Introducing Messaging System Vulnerabilities
Recognizing and Countering Email Attacks
Understanding VoIP
Chapter 15: Web Applications and Mobile Apps
Choosing Your Web Security Testing Tools
Seeking Out Web Vulnerabilities
Minimizing Web Security Risks
Uncovering Mobile App Flaws
Chapter 16: Databases and Storage Systems
Diving Into Databases
Following Best Practices for Minimizing Database Security Risks
Opening Up About Storage Systems
Following Best Practices for Minimizing Storage Security Risks
Part 6: Security Testing Aftermath
Chapter 17: Reporting Your Results
Pulling the Results Together
Prioritizing Vulnerabilities
Creating Reports
Chapter 18: Plugging Your Security Holes
Turning Your Reports into Action
Patching for Perfection
Hardening Your Systems
Assessing Your Security Infrastructure
Chapter 19: Managing Security Processes
Automating the Security Assessment Process
Monitoring Malicious Use
Outsourcing Security Assessments
Instilling a Security-Aware Mindset
Keeping Up with Other Security Efforts
Part 7: The Part of Tens
Chapter 20: Ten Tips for Getting Security Buy-In
Cultivate an Ally and a Sponsor
Don’t Be a FUDdy-Duddy
Demonstrate That the Organization Can’t Afford to Be Hacked
Outline the General Benefits of Security Testing
Show How Security Testing Specifically Helps the Organization
Get Involved in the Business
Establish Your Credibility
Speak on Management’s Level
Show Value in Your Efforts
Be Flexible and Adaptable
Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
IT Governance and Compliance Are More Than High-Level Checklist Audits
Vulnerability and Penetration Testing Complements Audits and Security Evaluations
Customers and Partners Will Ask How Secure Your Systems Are
The Law of Averages Works Against Businesses
Security Assessments Improve Understanding of Business Threats
If a Breach Occurs, You Have Something to Fall Back On
In-Depth Testing Brings Out the Worst in Your Systems
Combined Vulnerability and Penetration Testing Is What You Need
Proper Testing Can Uncover Overlooked Weaknesses
Chapter 22: Ten Deadly Mistakes
Not Getting Approval
Assuming That You Can Find All Vulnerabilities
Assuming That You Can Eliminate All Vulnerabilities
Performing Tests Only Once
Thinking That You Know It All
Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
Not Testing the Right Systems
Not Using the Right Tools
Pounding Production Systems at the Wrong Time
Outsourcing Testing and Not Staying Involved
Appendix: Tools and Resources
Advanced Malware
Bluetooth
Certifications
Databases
Denial of Service (DoS) Protection
Exploits
General Research Tools
Hacker Stuff
Keyloggers
Laws and Regulations
Linux
Live Toolkits
Log Analysis
Messaging
Miscellaneous
Mobile
Networks
Password Cracking
Patch Management
Security Education and Learning Resources
Security Methods and Models
Social Engineering and Phishing
Source Code Analysis
Statistics
Storage
System Hardening
User Awareness and Training
Voice over Internet Protocol
Vulnerability Databases
Websites and Applications
Windows
Wireless Networks
About the Author
Advertisement Page
Connect with Dummies
Index
End User License Agreement