Professional

Penetration Testing
Creating and Operating

Setting Up

There is an increasing need for experienced information system and network

penetration testers, and demand has exceeded the abilities of PenTest professionals
throughout the information technology (IT) industry. The number of conferences,
training bootcamps, and colleges offering courses related to professional penetration
testing is increasing; but they cannot keep pace with government regulations and
customer pressure, which are forcing companies to escalate the number, and scope,
of penetration tests within their infrastructure.
To complicate matters, the career path to penetration testing professions has
been a long one. Until recently, the only people capable of contributing to a
penetration test project were those with numerous years of experience in system
security. However, as the profession is becoming more mature, educational and
research organizations have begun to refine attack methodologies and techniques
within the information system security profession. Today, professional penetration
testing is being taught to young professionals just entering the IT industry, and
companies are hiring students with no practical experience.
This book is divided into three parts Setting Up, Running a PenTest, and
Wrapping EverythingUp. In the first part of the book,wewill discuss the professionals
within a penetration test team and skills needed to be an effective team member.
More importantly, we will create our own PenTest lab, so we can transfer theoretical
knowledge into practical, hands-on experience. Exercises at the end of chapters have
been included, which are designed to build on the lessons within this book.
A penetration test is more than attacking and compromising a system. In Part I
of this book, we will discuss how project management is an integral component to a
successful penetration test project.We will look at the different stages within a project
and identify those areas where PenTest engineer involvement is introduced into the
process. By understanding PenTest projects fromconception to completion, engineers
can better understand their role in supporting their clients business objectives.
Understanding the unique challenges and opportunities within penetration
testing projects is not restricted to just PenTest engineers. Managers and stakeholders

who have never participated in a professional penetration test need to understand

the different roles, responsibilities, and processes that contribute to the successful
conclusion of the project. Part I of this book will examine the steps necessary for
both engineers and management to prepare for a professional penetration test.