New Book Coming Out on Penetration Testing: Thoughts?
I just saw that a new book on Penetration Testing is coming out. Some of you may know the authors; I don't but I have heard of them. The cover is still in flux apparently, but I was wondering if anyone had thoughts on this forthcoming book on pen testing:
And just in case those don't work:
Title: Penetration Tester's Open Source Toolkit
Amazon states the book has not been released yet for sale and the publish date from the book information is December 1, 2005.
Here is what Amazon.com says:
It looks at the very least interesting and could provide another tool for a pen tester or a security admin.
This is the first fully integrated Penetration Testing book and bootable Linux CD containing the Auditor Security Collection which includes over 300 of the most effective and commonly used open source attack and penetration testing tools. This powerful tool kit and authoritative reference is written by the security industry's foremost penetration testers including HD Moore, Jay Beale, and SensePost. This unique package provides you with a completely portable and bootable Linux attack distribution and authoritative reference to the toolset included and the required methodology.
Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine all possible attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan and meticulously document their results. This book provides both the art and the science. The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader inside their heads to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of hijacking tools; sniffers; scanners; Web application; and vulnerability assessment tools from the bootable-Linux CD including the Metasploit Framework; ettercap, dsniff, Ethereal, Nmap, Paketto, Scanrand, Hydra, Paros, Nessus, and many more.
Does anyone else have information on this book?