Tuesday, August 29, 2006

Review of Penetration Testing and Network Defense Posted

Amazon.com just posted my three star review of Penetration Testing and Network Defense. This was another disappointment that duped me into trying to read it. From the review:

Penetration testing is becoming a hot topic again, but the available books on the subject continue to underwhelm. Penetration Testing and Network Defense (PTAND), published in the fall of 2005, would be a four star book if it had been published two years earlier. Stephen Northcutt, unlike all other reviewers, noticed this fact as well. When you combine this problem with PTAND with several other deficiencies, the result is a book you can unfortunately skip.

On a brighter pen testing note, I read that work is progressing on version 3.0 of Pete Herzog's Open Source Security Testing Methodology Manual (OSSTMM). Maybe we'll see a new version in a few weeks?

Also, the Active Filter Detection tool implements a cool function needed by OSSTM.

2 comments:

Anonymous said...

Version 3.0 of the OSSTMM was supposed to be released 1.5 years ago. Based on past history of ISECOM, it will probably take more than a few weeks.

Additionally, the OSSTMM only explains the what and why of the methodology and not the how.

Anonymous said...

Given your comment regarding the OSSTMM back in 2003 (see below), I am curious what your opinion is concerning them now. I am reading through their material to see how valuable it is in actually conducting a test. What are your thoughts?

Comment from 2003 article:
"Wow! That sounds like a four year college degree. Wait -- this is all packed into a four day class? Who do these guys think they are?"