---

While there are other books on this topic, this particular book will be focused and direct, which will allow someone interested in this topic to get started immediately. While there is a focus on foundations, the objective of the book will be to get people immediately working on performing penetration testing. All of the foundational components will be explained in place with a focus on hands-on, practical experience rather than using the practical experience as an afterthought.

---

Learn how to break systems, networks, and software in order to determine where the bad guys might get in. Once the holes have been determined, this short book discusses how they can be fixed. Until they have been located, they are exposures to your organization. By reading Penetration Testing Basics , you´ll gain the foundations of a simple methodology used to perform penetration testing on systems and networks for which you are responsible.
What You Will Learn

Identify security vulnerabilities
Use some of the top security tools to identify holes
Read reports from testing tools
Spot and negate common attacks
Identify common Web-based attacks and exposures as well as recommendations for closing those holes Who This Book Is For
Anyone who has some familiarity with computers and an interest in information security and penetration testing.

---

1. What Is Penetration Testing? Information Security
Penetration Testing vs Security Assessments
Who does Penetration Testing

2. Digging for Information Google Hacking
Social Networking
Job Sites
Technical sources (e.g., regional Internet registries)

3. What´s Open? Port scanning
Banner grabbing

4. Vulnerabilities Scanning for vulnerabilities
Nessus vs Nexpose vs OpenVAS
Fuzzing

5. Exploitation Using Metasploit
Exploit Database

6. Breaking Web Sites Common Vulnerabilities< Web Scanning

7. Reporting

---

Ric Messier, MS, GCIH, GSEC, CEH, CISSP is the program director for Cyber Security, Computer Forensics and Digital Investigations and the Economic Crime Investigation bachelors´ degree programs, as well as the Digital Forensic Science master´s degree program at Champlain College.
Messier has been involved in the networking and security arena since the early 1980s. He has worked at large Internet service providers and small software companies developing knowledge and experience about a range of topics related to networking and security. Messier has also been involved on incident response teams and has been consulted on forensic investigations for large companies.
An established expert in the field and author, Messier has published several articles for Hackin9 Magazine, has developed number of video training titles with O´Reilly Media and has written a number of books on information security.

---