F O R E W O R D
Information technology is a complex field, littered
with the half-dead technology of the past and an
ever-increasing menagerie of new systems, software,
and protocols. Securing today’s enterprise networks
involves more than simply patch management, fire-
walls, and user education; it requires frequent real-
world validation of what works and what fails. This is
what penetration testing is all about.
Penetration testing is a uniquely challenging job. You are paid to think
like a criminal, to use guerilla tactics to your advantage, and to find the weak-
est links in a highly intricate net of defenses. The things you find can be both
surprising and disturbing; penetration tests have uncovered everything from
rogue pornography sites to large-scale fraud and criminal activity.
Penetration testing is about ignoring an organization’s perception of
its security and probing its systems for weaknesses. The data obtained from a
successful penetration test often uncovers issues that no architecture review