
Professional Penetration Testing (Thomas Wilhelm)

This book does not teach you penetration testing technically; it teaches you penetration testing professionally. Here, the pentest is no longer a technical exercise: it becomes a paid service delivered to a customer to satisfy a business need. This requires more than throwing a bunch of tools and lines of code at a target. It requires things like planning, methodology, quality and risk management, and communication. This is what this book is about.

This book mainly targets three kinds of audiences:

  • People who are already familiar with the technical side of pentesting and are wondering if making it a career would be interesting for them (doing something as a hobby and as a job is not the same) and, if so, how to proceed and what to expect.

  • Pentesters already in the field who would like to have a broader view of their current job.

  • Project managers who are already familiar with handling technical projects but are new to the field of penetration testing.

A lot of books describe pentesting in a world of exploits and mitigations. The fact that this one describes pentesting in a world of business needs, risks and costs sets it apart from the others.

While in the introduction I heavily emphasize the management aspect of this book, this is actually only half the book. Technical aspects such as “creating and operating a formal hacking lab”[1] and the several phases of conducting a penetration test, from information gathering to writing the final report, are also well covered (a DVD is even provided to feed your pentest lab with target systems).

However, if you are only interested in these technical aspects, other books analyze them more deeply. Here they are covered mainly to allow technical and management people to understand each other by speaking the same language and having a better realization of the ins and outs of each other’s activity.


  1. “creating and operating a formal hacking lab” happens to be the subtitle of the first edition of the book, with “learning” replacing “operating” in the second edition. I find this subtitle a bit misleading, as people buying this book in order to technically learn to build and work with a pentest lab are usually disappointed by the relatively small amount of information compared to other books dedicated to the subject.
