
Secure Reads: Gray Hat Hacking

Gray Hat Hacking: The Ethical Hacker's Handbook

By Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness and Michael Lester
456 pages, $49.99
McGraw Hill/Osborne Media


Any authors willing to throw their hats in the ring with hands-on technical security/hacking manuals--such as Security Warrior, Exploiting Software and Hacking Exposed--must differentiate themselves from the pack. Gray Hat Hacking: The Ethical Hacker's Handbook is a proficient work, but doesn't particularly stand out among security texts.

Gray Hat offers a smorgasbord of topics geared toward moderate- and advanced-level practitioners, but fails to go into much depth in any one area. The authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit construction, but the information is largely recycled from other sources and doesn't offer much insight. The authors' great command of the material brings the book some redemption, since they discuss a few refreshingly different topics--such as vulnerability disclosure protocols--that are hardly covered elsewhere.

The complex topic of reverse engineering gets somewhat short shrift, with a single chapter dealing with the two distinct methods--analysis of human-readable source code and of machine object code, which requires disassembly. Gray Hat describes the standard tools for scanning source code, but knowing how to use scanners is a basic skill for source code analysis. This condensed discussion shortchanges the reader. The authors would have done better to explain how and why the code is written, so readers could seek an outside reference or consultant for source code analysis projects.

The authors did, however, deliver on their ethical obligations to provide accurate countermeasures to the attack methods they describe--a true value to readers. For example, after describing a next-generation, stealthy network-based tool that identifies the operating system on remote hosts, the authors make specific recommendations for firewall configurations at the network's edge.

While books dedicated to specific issues--such as The Shellcoder's Handbook--will certainly dig deeper than Gray Hat Hacking, security professionals will find value in the authors' formidable understanding of the material.

--Patrick Mueller

This was last published in January 2005
