In this book, the author covers the penetration test process: reconnaissance, enumeration, vulnerability assessment and the eventual launch of an attack. He explains how to prepare the test report, focusing on what information to include in the report and how best to present it to the client. The book also discusses the potential dangers of new technology that is adopted to improve business operations (e.g. employee remote access, wireless communications, public-facing web applications) but that, at the same time, creates new vulnerabilities.
Avoiding a detailed technical analysis of the tools used by today’s pen testers, tools which often come in and out of fashion, the book instead focuses on the range of techniques employed by professional pen testers. The author draws on his wealth of experience and provides real-world examples to give readers a practical understanding of how to conduct a penetration test. He also explains how to deliver a client-focused report that assesses the security of the system and whether the risk to the organisation is within acceptable levels.