Secure Reads: Gray Hat Hacking

Gray Hat Hacking: The Ethical Hacker's Handbook

This article also appears in the Premium Editorial Download, Information Security magazine: "How security pros can benefit from information sharing."
Gray Hat Hacking: The Ethical Hacker's Handbook
By Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness and Michael Lester
456 pages, $49.99
McGraw Hill/Osborne Media

Any authors willing to throw their hats in the ring with hands-on technical security/hacking manuals--such as Security Warrior, Exploiting Software and Hacking Exposed--must differentiate themselves from the pack. Gray Hat Hacking: The Ethical Hacker's Handbook is a proficient work, but doesn't particularly stand out among security texts.

Gray Hat offers a smorgasbord of topics geared toward moderate- and advanced-level practitioners, but fails to go into much depth in any one area. The authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit construction, but the information is largely recycled from other sources and doesn't offer much insight. The authors' great command of the material brings the book some redemption, since they discuss a few refreshingly different topics--such as vulnerability disclosure protocols--that are hardly covered elsewhere.

The complex topic of reverse engineering gets somewhat short shrift, with a single chapter dealing with the two distinct methods--analysis of human-readable source code and of machine object code, which requires disassembly. Gray Hat describes the standard tools for scanning source code, but knowing how to use scanners is a basic skill for source code analysis. This condensed discussion shortchanges the reader. The authors would have done better to explain how and why the code is written, so readers could seek an outside reference or consultant for source code analysis projects.

The authors did, however, deliver on their ethical obligations to provide accurate countermeasures to the attack methods they describe--a true value to readers. For example, after describing a next-generation, stealthy network-based tool that identifies the operating system on remote hosts, the authors make specific recommendations for firewall configurations at the network's edge.

While books dedicated to specific issues--such as The Shellcoder's Handbook--will certainly dig deeper than Gray Hat Hacking, security professionals will find value in the authors' formidable understanding of the material.

--Patrick Mueller

This was first published in January 2005
