While you’re relaxing at the beach or barbecuing smoky kebabs over the weekend, unbeknownst to you, nasty elements in Mumbai, Turkey, Ukraine, China, Azerbaijan, Russia, Iran, New York, Dallas etc. are relentlessly plotting to do your business harm by hacking your web site, stealing customer credit card details, filching Social Security Numbers, vandalizing the web pages and ruining your livelihood.
Some hackers do their nefarious deeds for money by selling the stolen information on shady online black markets while others are in it for the thrill.
As Alfred tells Bruce a.k.a. Batman in Dark Knight:
Some men aren’t looking for anything logical, like money. They can’t be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn.
Whether hackers are doing it for money or thrill, the damage is real.
In recent months, hackers have penetrated computer systems of Staples, Morgan Stanley, Target, UPS and countless other American companies and stolen valuable information like customer credit card details, addresses, Social Security numbers and other precious private information.
Every day brings worrisome news of a new security breach.
The U.S. Department of Homeland Security recently warned that over 1,000 U.S. retailers could have malware in their cash register computers.
Even employees of the Department of Homeland Security are not immune from the reach of malicious hackers. Media reports in August 2014 said internal records of 25,000 DHS employees containing sensitive information were exposed after a computer attack at a contractor.
Given the numerous security breaches, there’s obviously a good job market for people who have solid Linux skills and expertise in penetration testing of computers and networks, and who can help to prevent the next round of attacks or mitigate its severity.
To understand penetration testing, there’s no better place to start than Professor Patrick Engebretson’s book The Basics of Hacking and Penetration Testing.
Although Professor Engebretson’s book is three years old and the BackTrack Linux OS he describes in its pages has been succeeded by Kali Linux, it’s still a valuable primer on the subject of penetration testing.
Our discussion of penetration testing below draws from his book.
What is Penetration Testing
Simply put, penetration testing refers to legally authorized attempts to exploit computers (including servers, desktops and point of sale systems) and networks to make them more secure (see chapter 1 of Prof. Engebretson’s book).