Book Review: Hacking for Dummies 6th Edition

Hacking for Dummies by Kevin Beaver is an information security professional’s introduction to ethical hacking.  It is 22 chapters of information ranging from definitions (kept to a minimum) to reporting findings and everything in between.  It also includes an appendix full of tools and resources useful for testing, reporting, and researching.  It is not the end-all be-all of ethical hacking.  There are topics on which it scratched the surface and others where it spends a little more time.  On just about every topic, the author refers to additional resources that are also listed in the appendix.  What follows is what I felt were the good points of the book, the not so good, and a final recommendation.  As Sun Tzu wrote some 2500 years ago, “Know yourself and know your enemy and you need not fear the outcome of 100 battles.”¹

The Good

This 6^th version of the popular book has a lot going for it.  The first section on understanding your adversary is point on.  Part of any risk assessment, whether doing a penetration test or just an general risk assessment for your information systems is understanding the threat (Nikolić & Ružić-dimitrijević, 2009; NIST, 2014; Nourbakhshian, Rajabinasr, Hooman, & Seyedabrishami, 2013; Ross et al., 2012)².  In this case the author introduces two overarching types of threats: the insider/malicious user and the criminal hacker or cracker.  The major differentiator between these two is the level of access they have: one is internal and the other external.  The major differentiator between these two is the level of access they have: one is internal and the other external (Beaver, 2018)³.  This was covered briefly but with enough depth for the reader to recognize (Read more...)