Penetration Testing For Dummies. Robert Shimonski


reminding you of it. It’s often advice to help keep you out of trouble.

      

Pay close attention to this icon, which I use to point out pitfalls to avoid or where doing something (or not doing something) could land you in legal trouble (like pen testing something you don’t have permission to test).

      

Sometimes I provide particularly sticky details about an issue, which can get technical and which may not be of interest (or help). You could ignore any text marked with this icon, and you won’t miss it a whit.

      This book is written so you aren’t required to read it beginning to end. If you’re familiar with the basics of penetration testing, for example, you can probably skip the first part. You can skip Part 2 if you feel you have a pretty good handle on attack types and various pen testing tools. Technical Stuff icons are truly technical pieces of information that I file under “nice to know” — skip those, as well, if you’re looking for need-to-know content only.

      If you’re truly new to the world of penetration testing, I recommend you begin with Chapter 1 and read from there. Readers with a grasp on pen testing fundamentals — what it is, the role of the pen tester, types of hackers, types of attacks, and so on — but who want to hone their testing and/or reporting skills, for example, can go straight to Parts 3 and 4, respectively.

      Looking for information about a particular tool or attack? Use the Table of Contents or Index to find where I cover that thing and go straight to that discussion. More advanced readers might want to read only those sections that cover any area they need to bone up on.

      Of course, I recommend Chapters 15 and 16 for everyone because continual learning is so important to becoming and remaining an excellent pen tester.

      You can also find more pen testing topics on the book’s cheat sheet, such as pen testing terminology and specific certifications you’ll find useful in your career. Go to dummies.com and search for “Pen Testing For Dummies cheat sheet” to find it.

      

The more you study, read, and work in the field, the more you’ll learn as your journey continues. It can be something you eventually have a really good understanding of … but by that time, the technology will have changed many times! As a journey of lifelong learning and study that can be very rewarding and exciting as you progress, becoming a pen tester is a true commitment.

      Getting Started with Pen Testing

      Dive into the world of pen testing by exploring the skills and certifications necessary to get started.

      Learn what kind of hackers there are, what goals you’ll have as a pen tester, and the basics of scan maintenance.

      Build your pen testing toolkit.

      Understanding the Role Pen Testers Play in Security

      IN THIS CHAPTER

      

Exploring pen testing positions

      

Discovering what tests and certs you need for pen testing

      

Understanding what skills are necessary for pen testing

      

Considering cybercrime

      

Doing your first pen test

      Penetration (or pen, for short) testing is one of the hottest up-and-coming skills any IT professional needs to have. As more and more technology takes over our world, the need to ensure it’s safe and secure is at the forefront. Companies are actively looking for professionals with a background in IT security and the ability to do penetration testing.

      As a pen tester, you need a solid understanding of how an attacker can access your systems and how they can conduct attacks. Not to fear, I walk you through these attacks and the mind of the hacker. You have to truly think like a hacker to be a good pen tester, which is why pen testers are called white hats, grey hats, or ethical hackers, which I explain in more depth in Chapter 2.

      I also lay out everything you need to know about security vulnerabilities and introduce you to the tools, techniques, and skills that today’s most elite pen testers use on a daily basis to conduct penetration tests that keep their company’s assets safe.

      The security arena has myriad names applied to anyone who does good or bad security stuff. If you’re new to pen testing, all that can be highly confusing. To clear up any and all confusion on the matter, I dedicate this section to describing the good guys who do pen testing and what roles you might have as a pen tester. (See Chapter 2 for a breakdown of the baddies.)

      The pen tester’s role is to penetrate and to ethically hack to find weaknesses within a company’s IT security program. Securing the weaknesses might be someone else’s responsibility. You may or may not be responsible for making recommendations based on the weaknesses you uncover, but I discuss that task in Chapter 12.

      

You must have permission to conduct penetration testing if you don’t work in the field or for a company hired
