LEADER 05608nam 2200673 450
001 9910786642603321
005 20200520144314.0
010 $a1-78328-478-1
035 $a(CKB)3710000000137754
035 $a(EBL)1644005
035 $a(OCoLC)881886712
035 $a(SSID)ssj0001326195
035 $a(PQKBManifestationID)11913875
035 $a(PQKBTitleCode)TC0001326195
035 $a(PQKBWorkID)11517194
035 $a(PQKB)10365811
035 $a(MiAaPQ)EBC1644005
035 $a(Au-PeEL)EBL1644005
035 $a(CaPaEBR)ebr10887984
035 $a(CaONFJC)MIL624231
035 $a(PPN)228035929
035 $a(EXLCZ)993710000000137754
100 $a20140710h20142014 uy 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 10$aBuilding virtual pentesting labs for advanced penetration testing $ebuild intricate virtual architecture to practice any penetration testing technique virtually /$fKevin Cardwell ; cover image by Tony Shi
210 1$aBirmingham, [England] :$cPackt Publishing,$d2014.
210 4$d©2014
215 $a1 online resource (430 p.)
225 1 $aCommunity Experience Distilled
300 $aIncludes index.
311 $a1-78328-477-3
327 $aCover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing Penetration Testing; Security testing; Authentication; Authorization; Confidentiality; Integrity; Availability; Non-repudiation; Abstract testing methodology; Planning; Nonintrusive target search; Intrusive target search; Data analysis; Reporting; Myths and misconceptions of pen testing; Summary; Chapter 2: Choosing the Virtual Environment; Open source and free environments; VMware Player; VirtualBox; Xen; Hyper-V; vSphere Hypervisor; Commercial environments
327 $avSphere; VMware Player Plus; XenServer; VMware Workstation; Image conversion; Converting from a physical to virtual environment; Summary; Chapter 3: Planning a Range; Planning; What are we trying to accomplish?; By when do we have to accomplish it?; Identifying vulnerabilities; Vulnerability sites; Vendor sites; Summary; Chapter 4: Identifying Range Architecture; Building the machines; Building new machines; Conversion; Cloning a virtual machine; Selecting network connections; The bridged setting; Network Address Translation; The host-only switch; The custom settings; Choosing range components
327 $aThe attacker machine; Router; Firewall; Web server; Summary; Chapter 5: Identifying a Methodology; The OSSTMM; The Posture Review; Logistics; Active detection verification; Visibility Audit; Access verification; Trust verification; Control verification; Process verification; Configuration verification; Property validation; Segregation review; Exposure verification; Competitive intelligence scouting; Quarantine verification; Privileges audit; Survivability validation; Alert and log review; CHECK; NIST SP-800-115; The information security assessment methodology; Technical assessment techniques
327 $aComparing tests and examinations; Testing viewpoints; Overt and covert; Offensive Security; Other methodologies; Customization; Summary; Chapter 6: Creating an External Attack Architecture; Establishing layered architectures; Configuring firewall architectures; iptables; Deploying IDS/IPS and load balancers; Intrusion Detection System (IDS); Intrusion Prevention System (IPS); Load balancers; Integrating web application firewalls; Summary; Chapter 7: Assessment of Devices; Assessing routers; Evaluating switches; MAC attacks; VLAN hopping attacks; GARP attacks; Attacking the firewall
327 $aIdentifying the firewall rules; Tricks to penetrate filters; Summary; Chapter 8: Architecting an IDS/IPS Range; Deploying a network-based IDS; Implementing the host-based IDS and endpoint security; Working with virtual switches; Evasion; Determining thresholds; Stress testing; Shell code obfuscation; Summary; Chapter 9: Assessment of Web Servers and Web Applications; Analyzing the OWASP Top Ten attacks; Injection flaws; Broken authentication and session management; Cross-Site Scripting; Insecure direct object references; Security misconfiguration; Sensitive data exposure
327 $aMissing function-level access control
330 $aWritten in an easy-to-follow approach using hands-on examples, this book helps you create virtual environments for advanced penetration testing, enabling you to build a multi-layered architecture to include firewalls, IDS/IPS, web application firewalls, and endpoint protection, which is essential in the penetration testing world. If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pen testing labs in varying industry scenarios, this is the book for you. This book is ideal if yo
410 0$aCommunity experience distilled.
606 $aComputer networks$xSecurity measures
606 $aComputer security$xTesting
606 $aComputers$xAccess control
615 0$aComputer networks$xSecurity measures.
615 0$aComputer security$xTesting.
615 0$aComputers$xAccess control.
676 $a005.8
700 $aCardwell$b Kevin$01474565
702 $aShi$b Tony
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910786642603321
996 $aBuilding virtual pentesting labs for advanced penetration testing$93738300
997 $aUNINA