Metasploit: The Penetration Tester's Guide


Posted on by Ben Rothke

People who design networks or build software applications are often oblivious to security faults that their designs may have. Those serious about information security will perform or will have an outside firm perform a penetration test—which is a way to evaluate how effective the security of a network or application is. Those performing a penetration test will imitate what an attacker would do in an adversarial situation to see how the system holds up. 

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing. For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester’s Guide is a valuable aid. Metasploit itself is an extremely powerful tool, but it is not an intui-tive piece of software. 

While there’s documentation on Metasploit available at the project Web site, the authors use the book to help the reader become more fluent in how to use the base Metasploit meth­odology to be an effective penetration tester. 

The first two chapters provide an introduction to penetration testing and Metasploit. By chapter four, the reader is deep in the waters of penetration testing. The book progressively advances in complexity. And by the time the reader finishes chapter 17, he or she should have a high comfort level on how to use Metasploit. 

The book is meant for someone who is technical and needs to be hands-on with Metasploit and really understand it. For firms that are looking to do their own penetration testing, Metasploit is a free open-source tool, also used by firms that charge for the service.

For those looking to jump on the Meta­sploit bandwagon, this book is a great way to do that.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

data security

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs