For people looking to become pen-testers, this is an excellent first step. For anyone simply curious about what pen-testing involves and who wants to try some of the techniques for themselves, it may be all you need.--Network Security,December 1 2011 This book is relevant for a community of hackers (in the positive sense hopefully) or technical auditors. The author, Jeremy Faircloth, is a Sr. Manager/Solutions Architect for Best Buy where, with his team, he architects and maintains enterprise-wide client/server and Web-based technologies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals. He is an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications and project management. The author is also co-author to several technical books covering a variety of topics. The author presents in this book a kind of toolbox that can help to test systems' resiliency to penetration actions and thus revealing any exploitable vulnerabilities. The elements presented in this book should enable the design of a penetration tests laboratory.--Computers and Security Readers would find a rich collection of tools here.... Those with a background in this area would find the collection of tool usage and reviews helpful and would benefit from this as a resource.--BCS.org Jeremy Faircloth continues to write about computer and network security in ways that help the InfoSec community. In Penetration Tester's Open Source Toolkit, Third Edition he combines his sharp insight into a wide variety of technologies, diverse penetration testing approaches and several penetration testing tools (then showcases these tools in action in the case study in each chapter) so the student of penetration testing can go out and get it done. This is just the kind of writing we should be expecting from our front runners in IT to be doing to support our Enterprise.--Tim Hoffman, President, Alida Connection All in all Penetration Tester's Open Source Toolkit is a good read. Clear, concise and made me want to put to work the knowledge I had learnt at the end of each chapter so that I could say, yes I do understand how that works and how to use it in future tests.--review on Hakin9.org Intended for new and experienced penetration testers as well as database administrators, system architects, and others involved in security design, this guide to open source tools provides detailed practical information on freely available applications for security testing. Beginning with an overview of general tools, the work covers reconnaissance and scanning, client side attacks, database hacking, web and web application vulnerabilities, wireless penetration and building customized testing and penetration 'labs.' The volume includes numerous screenshots, illustrations, and code examples as well as information on where to collect the open source applications discussed in the work.--SciTech Book News My first impression about this book was that it was loaded with information! The book is well organized and systematically walks you through the art/science of penetration testing. The language used is easy to understand and if you look at each chapter, the book is organized in a certain fashion. Each chapter starts with an objectives section and the approach taken, followed by a concise discussion on the core technologies and various helpful Open Source tools. The last section before the summary is dedicated to a case study, which helps tie together all the information from that chapter. One element of the book that really stood out for me was the Hands-on challenge section. It really lifts the book from a passive reading source to a more practical guide and prompts the reader to experiment with a few things.--PenTest Magazine As mentioned earlier, this book is a treasure of open source tools, but what I would have loved to see is a cheatsheet of all the tools mentioned. One of the biggest takeaways for me from the book is the importance of getting comfortable with open source tools, such as Backtrack suite and Metasploit. Knowledge of python can be an added advantage, especially if you intend to modify the existing script.--PenTest Online
