Coding for Penetration Testers: Building Better Tools Review

Posted by Richard Wyant on 6/13/2013 / Labels: , , , , ,
Coding for Penetration Testers: Building Better Tools
Average Reviews:

(More customer reviews)Are you looking to buy Coding for Penetration Testers: Building Better Tools? Here is the right place to find the great deals. we can offer discounts of up to 90% on Coding for Penetration Testers: Building Better Tools. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Coding for Penetration Testers: Building Better Tools ReviewI have to say this has been the biggest disappointment of all security-related books that I ever purchased (there were dozens). It should be named "A quick glance at a few scripting languages".
To give an example, Python is mentioned on 33 pages (that includes a few pages for scapy) where you'll be shown how to (hold your breath) send an ICMP packet. (I will not talk about PEP8 here).
To drill a bit further, the chapter about Python lists is about (wait for it) - bitwise operations. Lists are only mentioned as a way of storing data for the given example which shows how you can use Python to calculate net & broadcast address from a CIDR notation (why would you want to use lists for that?). There is no meaningful mention of list indexing or slicing.
The chapter about Python exceptions is just appaling.
There is no explanation of "why" anywhere, just "what" and a little bit of "how". Also, no hint on where to look for further information.
Real beginners might find this book interesting for getting a basic idea of how are scripting languages used (bash, Python, Perl, Ruby and PowerShell all get a really quick intro). But then they would get really confused towards the end of the book when they suddenly find authors throwing shellcode at vulnerable FTP server and using some terms that are mentioned very briefly: "EIP is called the Instruction pointer", "ESP points to stack area where you can see the stack", "as you can see, the EIP is now overwritten with 41414141 so the server is vulnerable". Is any beginner expected to understand this?
I'm really struggling to see who is the intended audience. It does not give any explanation to beginners and is way too shallow for any penetration tester.Coding for Penetration Testers: Building Better Tools Overview

Want to learn more information about Coding for Penetration Testers: Building Better Tools?

>> Click Here to See All Customer Reviews & Ratings Now

0 comments:

Post a Comment