Google Hacking for Penetration Testers, Volume 2 | Johnny Long | This book should be on the President's Desk
Google Hacking for Penetration Testers, Volume 2
Johnny Long
Syngress, 2007 - 448 pages
average customer review: based on 25 reviews
highly recommended
Awesome!!!
You don't know how powerful Google is until you read Google Hacking for Penetration Testers.
This is a great book!
This book should be on the President's Desk
About the only thing I don't like about this book is the title, Google Hacking For Penetration Testers. It sounds like it's going to be boring but it is far from it. This book is fantastic. I couldn't put it down. This book opens up a whole world of information vulnerability from a tool we use in searching for information, the Google search engine.
The book is like a college education spanning the freshman year all the way to graduate school. A novice can easily understand the author's, Johnny Long's, explanations on how to surf Google. Yes, you can go to Google itself and get this information, but he compiles it for you in the first several chapters in a neat, clean, well laid out format. Anyone reading this section will have a solid grounding in the basics of using Google to surf the web.
As I read the book I kept saying "Good Point" and I thought that many web types like myself "know" what the author is saying but seeing it in print makes you focus and think about issues of security. It exposes so many vulnerabilities and gives options to deal with them. For under $45 this book could save you from major problems as an individual or as an enterprise.
The book does get complicated. It expects you to be a web administrator, web master, or very familiar with web development and servers. Johnny Long has a straightforward writing style which he combines with concrete examples that open your eyes to the points he is making. For example, Johnny shows how configuration files and document types can be crawled for user names and passwords. It's chilling to read about the devious methods Google hackers use.
Johnny Long is talking about one of the most serious, really important things in this day and age. SECURITY. Secure web sites are important to each of us as individuals. It's important to your company. Vital information is shown to be at risk in Google Hacking. This book should be on the President of the United States' desk.
Have you ever seen a tv show where a former thief shows you how to protect your house? This book is just like that. Some of the tips are very simple, ones that many administrators know and those who are smart implement. Others are more complex. The table of contents reads like a dry college curriculum. But if you follow what is written, trying out the suggestions as it relates to your site, not only will you be rewarded, but the book just comes to life and you find yourself saying 'I can't believe how useful this is'.
In summing up, Johnny Long has issued a wake-up call to all who use the web. I showed this book to a colleague of mine and we both felt that the strength of the book lies in its constant repetition that the Google search engine, while effective in helping web surfers find information, also helps those web surfers with not such good intentions. Any reader would do well to follow the author's advice throughout the book in each and every chapter.
Application reconnaissance taken to the next level
'Google Hacking for Penetration Testers' (GHFPT) should be a wake-up call for organizations that consider 'information leakage' a theoretical problem. 'Information leakage' refers to the unintentional disclosure of sensitive information to public forums, like the Web. Security staff can use the tools and techniques outlined in Johnny Long's GHFPT to assess the degree of information leakage affecting their organizations. They can then propose, implement, and test remedies. When Google says they are clean, they can be reasonably assured they are.
'Google hacking' is popular because the results are so unambiguous. If you can locate a sensitive configuration file, mail box, registry key, etc., using Google, so can an intruder. GHFPT thoroughly documents multiple ways to find an incredible range of sensitive information using Web searches. Johnny Long takes care not to document how to find Social Security numbers or credit cards, although details on doing so have been posted on the Web.
While companies have performed corporate espionage or collected 'business intelligence' against each other, I wonder how many direct their gaze inwards. Armed with GHFPT, a security administrator should know how to search and secure his organization's Web site. The book explains tools like Sensepost's Wikto, which automate Google-based reconnaissance and use the Google query API. Those who wish to write their own Google query tools will like James Foster's excellent chapter 12. There he demonstrates four implementations, in Perl, Python, C#, and C.
GHFPT concludes with two appendices. The first, by Pete Herzog, outlines professional penetration testing with respect to the Open Source Security Testing Methodology Manual. The second, by Matt Fisher, is a brief discussion of Web application security. Readers who want to know more about the latter subject will enjoy 'Hacking Exposed: Web Applications' by Scambray and Shema; 'Hack Proofing Your E-Commerce Site,' by Russel, et al; and 'Hack Proofing Your Web Applications,' by Forristal. While those books are several years old, they are thorough and still relevant.
When you hire your next penetration testing team, be sure to ask if they offer Google assessment services. I see this as the next step in application reconnaissance. I also highly recommend all security staff read GHFPT. You are responsible now if an intruder compromises your Web server via an application attack. You will soon find yourself responsible if an intruder queries Google and discovers an exposed password file that yields the same level of access. Reading and experimenting with GHFPT is the best insurance policy you could buy in 2005.
Required reading for network and security admins
If you are at the book store trying to decide if the book is worth spending $44.95, just flip open to Chapter 7: Ten Simple Security Searches That Work. This chapter alone is probably worth the price of the book.
There are some aspects of security that are core fundamentals that remain true throughout time. Then, there are some aspects of security that are created by new technology. A few years ago, securing wireless networks was unheard of. Now it is at the forefront of many security administrators' concerns. Google is the latest hot technology to create its own security field.
There are other search engines, but Google is the one that has become synonymous with the act of Web searching itself. Google is an excellent tool. But, like many excellent tools, it is also somewhat of a double-edged sword. The same aspects that make it excel at what it does also make it gather sensitive and private information which may be used to compromise systems or gain unauthorized access.
This book is a must-read in my opinion. Network and security administrators should be required to read this book and follow the advice at the end to ensure that Google hackers don't compromise your network.
(...)
Best search engine feature summary on the market
The book "Google Hacking for penetration testers" is no doubt a real eye opener and as far as I know the first book on the market thoroughly covering this important issue. I am confident that this will soon be referred to as a "Standard" literature for IT security.
It is also a nice additional feature that each chapter has its summary at the end.
The actual "contents" of the book is (currently) well worth the money, however there are a few things which I didn't like about the book:
- Book layout should be easier readable / accessible
- The physical pages look like photocopies or copy of a novel that I picked up in a sale.
- optional overview chart tables (take out) would have been a very helpful addition.
- The book reads like an interview or keynote speech, but should actually be more engineering like.
- What's the point in printing pages of scripts? Shouldn't that be downloadable or on a CD? Or at least in the Appendix?
Summary:
For now probably the "best search engine feature summary on the market". The layout of the book should be newly structured to be in an easier accessible format. I guess what I dislike most about the book is the casual writing style and the missing engineer style. The book is hardly usable as a reference but more as a one time read.
If the contents wouldn't be worth it, I would rate it with less. Unfortunately the layout absolutely disvalues the contents value. Usually casual writing style is used to fill the pages, with content that's not thoroughly researched.