Hacking: The Next Generation. By Nitesh Dhanjani et al; published by O’Reilly Media, www.oreilly.com (Web); 304 pages; $39.99.
While many of the IT security texts that have appeared over the years focus on the same topics—buffer overflows, brute force password attacks, and other fundamentals—Hacking: The Next Generation acknowledges that attack vectors have shifted towards Web 2.0, the Cloud, and social networks, and that hacker sophistication has progressed in many cases faster than advances in countermeasures.
Providing a plethora of scripts, source code, tool listings, and case studies, the authors address a wide range of attacks and even how several can be used together. The text addresses the most current testing methodologies—from creating Perl, Python, and PHP scripts to leveraging many existing tools. The book does leave out some of the newest tool suites—such as BackTrack and Samurai—but keeping current is difficult with this evolving subject. In addition, while the authors’ advice is in most cases fairly prescriptive, some “filler” text on social engineering techniques could have been omitted without losing value.
An important topic covered by the authors is the existence of “blended threats,” wherein particular vulnerabilities by themselves do not appear to pose much risk, but when combined, they represent a serious danger. It is precisely these blended threats that are growing in popularity among cybercriminals and must be understood by security professionals.
While much of the information in the text can be gathered from various other sources, most organizations must be able to defend against all possible attacks, and so having all of this information readily available in one place is of great benefit.
If you want to learn how criminal techniques have evolved to include sophisticated tools and methods that can compromise an individual or an enterprise, this book is for you.
Reviewer: Don Fergus, CISSP (Certified Information Systems Security Professional), is vice president and chief security officer at Intekras, Inc., which provides information assurance and cyber risk management services to public and private sector organizations. He is a member of the ASIS International Information Technology Security Council.