background image

F O R E W O R D

Information technology is a complex field, littered 
with the half-dead technology of the past and an 
ever-increasing menagerie of new systems, software, 
and protocols. Securing today’s enterprise networks 
involves more than simply patch management, fire-
walls, and user education; it requires frequent real-
world validation of what works and what fails. This is 
what penetration testing is all about.

Penetration testing is a uniquely challenging job. You are paid to think 

like a criminal, to use guerilla tactics to your advantage, and to find the weak-
est links in a highly intricate net of defenses. The things you find can be both 
surprising and disturbing; penetration tests have uncovered everything from 
rogue pornography sites to large-scale fraud and criminal activity.

Penetration testing is about ignoring an organization’s perception of 

its security and probing its systems for weaknesses. The data obtained from a 
successful penetration test often uncovers issues that no architecture review