computers & security 31 (2012) 252
Available online at www.sciencedirect.com
journal homepage: www.elsevier.com/locate/cose
Book review Coding for Penetration Testers, Jason Andress, Ryan Linn Without meaning to advocate over-reliance on it, penetration tests usually require a certain suite of tools. While standard utilities such as nmap, dirbuster and sqlmap tend to meet the needs of testers in most situations, some tricky assessments call for custom development or at least a skilled combination of tools. This is where Coding for Penetration Testers by Jason Andress and Ryan Linn comes in: By guiding the reader through a variety of languages (in that order: Bash scripting, PowerShell scripting, Python, Perl, Ruby, PHP, Lua, NASL), this book aims to teach how to create custom penetration testing tools. It also addresses a few other topics such as information gathering using Google Hacks/dorks, Metasploit scripting and post-exploitation scripting. For a book just over 250 pages strong, this certainly does look like an impressive list, considering that most books on any single programming language tend to be around that same size. With that in mind, it comes as no surprise that the authors do not try to exhaustively discuss any single topic. In fact, at times it appears as if they are rushing from one language to the other without giving the reader enough background knowledge to tackle his or her own projects. This is by no means a book to quickly scan over e I would
encourage anybody who decides to buy it to reserve a few days in their schedule to actually try out the examples given (and there are a lot of them!). Luckily, most of the scripts and snippets printed throughout the book are very much relevant to the work of a penetration tester and in no way boring or of the “just another language feature we want to show off” kind. This book is definitely not for rookie coders, but rather a good starting point for people with a medium level of programming experience. It is also not suited well as a reference to quickly look things up in. But if what you’re looking for is a very practical guide with tons of pointers to further (and recommended) reading material and exercises Coding for Penetration Testers delivers what it promises. Manuel Leithner, Edgar Weippl* SBA Research, Favoritenstr 16, A-1040 Vienna, Austria *Corresponding author. Tel.: þ43 664 4126558; fax: þ43 1 5058888. E-mail address:
[email protected] (E. Weippl) 0167-4048/$ e see front matter doi:10.1016/j.cose.2011.12.006