Introduction

Part 1: Building the Foundation for Security Testing
Chapter 1: Introduction to Vulnerability and Penetration Testing
Chapter 2: Cracking the Hacker Mindset
Chapter 3: Developing Your Security Testing Plan
Chapter 4: Hacking Methodology

Part 2: Putting Security Testing in Motion
Chapter 5: Information Gathering
Chapter 6: Social Engineering
Chapter 7: Physical Security
Chapter 8: Passwords

Part 3: Hacking Network Hosts
Chapter 9: Network Infrastructure Systems
Chapter 10: Wireless Networks
Chapter 11: Mobile Devices

Part 4: Hacking Operating Systems
Chapter 12: Windows
Chapter 13: Linux and macOS

Part 5: Hacking Applications
Chapter 14: Communication and Messaging Systems
Chapter 15: Web Applications and Mobile Apps
Chapter 16: Databases and Storage Systems

Part 6: Security Testing Aftermath
Chapter 17: Reporting Your Results
Chapter 18: Plugging Your Security Holes
Chapter 19: Managing Security Processes

Part 7: The Part of Tens
Chapter 20: Ten Tips for Getting Security Buy-In
Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
Chapter 22: Ten Deadly Mistakes

Appendix: Tools and Resources
Index

Kevin Beaver is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master's degree in Management of Technology at Georgia Tech.