Instant Penetration Testing: Setting Up a Test Lab How-to [eBook]
This book is a good little read. I decided to read it as I wanted to get an idea for a new lab I was working on, and it didn’t disappoint me. As someone who tries to help other people get into security, I think this book will be a great buy for anyone new to the industry. The book is not extremely large, so reading it in one or two days is not a problem, with just 88 pages to the ebook.
The first chapter gives you a basic background to pen testing, which I don’t really think is needed, as if you are buying this book you are only buying it to help with the lab setup for pentesting.
The book then goes on to talk about lab setups. You should be aware that some examples use Windows and a wireless router, so you may need to buy a license or purchase hardware if you want to copy the labs exactly. All other software is pretty much free as it’s Linux based.
The book covers three main labs: one for web testing, one for wireless, and online labs. You could get away with networking test labs too, from the setup, but not much networking is involved, although you can scan the Windows host and Linux boxes and make changes.
The lab setup consists of a wireless router, Win 2008 web and database, Win 2009 domain controller, Ubuntu FTP and RADIUS server, and two Windows boxes, one XP and the other Windows 7.
The book is pretty straightforward, with step-by-step instructions, so it is really ideal for anyone, even if you have never attempted anything like this before.
Web lab DVWA
The web lab just uses the DVWA, which includes all commonly found web application issues like XSS, SQL injection, CSRF and much more. DVWA is pretty good for learning web application testing.
There are also loads of other alternatives like WebGoat that do not really get any mention in the ebook, which I think is a shame.
In order to set up the Wi-Fi lab you need to have a wireless router or purchase one off eBay. This lab is pretty good to do and it covers things like a RADIUS server too, which is pretty cool as it is not seen in many books.
The book then tells you about online labs and challenges that you can do. It mainly covers www.hacking-lab.com, which has pretty awesome labs and challenges with loads of different levels from easy to hard, and it is really worth checking out if you have not done so already.
Overall, this book is pretty useful if you are new to building a lab and would like step-by-step instructions to build one. However, if you already have a lab or are not a complete newbie to pen testing, then this book might not be for you. I think there is also information missing from the book, and it should include other chapters, maybe along the lines of how to update your lab, as there are a lot more resources online with regards to building a pentesting lab, like http://vulnhub.com/