Security Management
Published on Security Management (http://www.securitymanagement.com)
Metasploit: The Penetration Tester’s Guide
By David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni; Reviewed by Ben Rothke, CISSP, CISA



    

***** Metasploit: The Penetration Tester’s Guide. By David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni. No Starch Press, nostarch.com; 328 pages; $49.95.

People who design networks or build software applications are often oblivious to security faults that their designs may have. Those serious about information security will perform, or have an outside firm perform, a penetration test, which is a way to evaluate how effective the security of a network or application is. Those performing a penetration test will imitate what an attacker would do in an adversarial situation to see how the system holds up.

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing penetration tests in building a framework in which to carry out the testing. For those looking to use Metasploit to its fullest, Metasploit: The Penetration Tester’s Guide is a valuable aid. Metasploit itself is an extremely powerful tool, but it is not an intuitive piece of software.

While there’s documentation on Metasploit available at the project Web site, the authors use the book to help the reader become more fluent in how to use the base Metasploit methodology to be an effective penetration tester.

The first two chapters provide an introduction to penetration testing and Metasploit. By chapter four, the reader is deep in the waters of penetration testing. The book progressively advances in complexity. And by the time the reader finishes chapter 17, he or she should have a high comfort level on how to use Metasploit.

The book is meant for someone who is technical and needs to be hands-on with Metasploit and really understand it. For firms that are looking to do their own penetration testing, Metasploit is a free open-source tool, also used by firms that charge for the service.

For those looking to jump on the Metasploit bandwagon, this book is a great way to do that.


Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), is an information security manager with a major hospitality firm.
 



Security Management is the award-winning publication of ASIS International, the preeminent international
organization for security professionals, with more than 38,000 members worldwide.


© 2013 Security Management

Source URL: http://www.securitymanagement.com/article/metasploit-penetration-tester%E2%80%99s-guide-009352