Gray Hat Hacking : The Ethical Hacker's Handbook Review

Average Reviews:

(More customer reviews)Are you looking to buy Gray Hat Hacking : The Ethical Hacker's Handbook? Here is the right place to find the great deals. we can offer discounts of up to 90% on Gray Hat Hacking : The Ethical Hacker's Handbook. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Gray Hat Hacking : The Ethical Hacker's Handbook Review'Gray Hat Hacking' (GHH) is positioned as a next-generation book for so-called ethical hackers, moving beyond the tool-centric discussions of books like 'Hacking Exposed.' The authors leave their definition of 'gray hat' unresolved until ch 3, where they claim that a 'white hat' is a person who 'uncovers a vulnerability and exploits it with authorization;' a 'black hat' is one who 'uncovers a vulnerability and illegally exploits it and/or tells others how to;' and a 'gray hat' is one who 'uncovers a vulnerability, does not illegally exploit it or tell others how to do it, but works with the vendor.' I disagree and prefer SearchSecurity.com's definitions, where white hats find vulnerabilities and tell vendors without providing public exploit code; black hats find vulnerabilities, code exploits, and maliciously attack victims; and gray hats find vulnerabilities, publish exploits, but do not illegally use them. According to these more common definitions, the book should have been called 'White Hat Hacking.' I doubt it would sell as well with that title!
Content-wise, the book mixes ethical and legal advice with tool overviews and technical information. Many reviewers note the good legal overview in ch 3, where I found the tables summarizing various laws to be helpful. The authors provide a sound rationale for penetration testing: 'Nothing should be trusted until it is tested' (p. 13). I enjoyed the disclosure discussion in ch 3 as well. I liked the brief tool descriptions of Core IMPACT, Immunity Security's CANVAS, and the Metasploit Framework. Some of the other discussions (e.g., Amap, P0f, Ettercap) didn't go deeper than already published explanations of those same tools.
I found the technical material to be accurate albeit somewhat disorganized and in some cases far too shallow. For example, the authors provide 6 pages on Python (ch 6), 6 pages on C (ch 7), and a single 21 page chapter (ch 10) mentioning system calls, socket programming, and assembly language. On p 279 and several other places the authors admit their topic 'deserves a chapter to itself, if not an entire book!' They should have trusted their instincts and required readers to have prior knowledge of programming in low- and high-level languages prior to reading GHH. Instead, short sections that are too basic for the pros but too rushed for beginners detract from the book's focus.
The five authors clearly know their subjects, but they should have coordinated their chapters better. For example, ch 7 introduces using debuggers without even a description of their purpose. Six chapters later (in ch 13), we read a description of debugging only to be followed again by another discussion of debugging in ch 14. All of this should have been consolidated and rationalized.
I think McGraw-Hill/Osborne's second edition of GHH should seek to differentiate itself from more focused books like 'The Shellcoder's Handbook' (by Wiley) and 'Exploiting Software' (by Addison-Wesley). There is a market for high-end security books without sparse introductory material included for the benefit of beginners. Authors should either commit to the beginners and give enough information to enlighten them, or tell them to read foundational references first and concentrate on the more experienced audience. Authors like Allen Harper and Chris Eagle, winners of last year's 'Capture the Flag' contest at Def Con, can deliver the goods if not constrained by a publisher's desire to address as broad an audience as possible. I would not be surprised to see this book greatly expanded in a second edition, which I look forward to reading.Gray Hat Hacking : The Ethical Hacker's Handbook OverviewAnalyze your company's vulnerability to hacks with expert guidance from Gray Hat Hacking: The Ethical Hacker's Handbook. Discover advanced security tools and techniques such as fuzzing, reverse engineering, and binary scanning. Test systems using both passive and active vulnerability analysis. Learn to benefit from your role as a gray hat. Review ethical and legal issues and case studies. This unique resource provides leading-edge technical information being utilized by the top network engineers, security auditors, programmers, and vulnerability assessors. Plus, the book offers in-depth coverage of ethical disclosure and provides a practical course of action for those who find themselves in a "disclosure decision" position.

Want to learn more information about Gray Hat Hacking : The Ethical Hacker's Handbook?

>> Click Here to See All Customer Reviews & Ratings Now