Second book
Together with several other authors, I had the opportunity to co-create the second book of my career, “Wprowadzenie do bezpieczeństwa IT” (also known as “Introduction to IT Security”). The book is written in Polish and covers a broad range of topics in the field of IT security. It is targeted at audiences such as:
1) IT managers interested in IT security
2) Individuals from the IT field wanting to learn current security recommendations
3) Those taking their first steps in the area of technical IT security
4) People responsible for implementing security measures in organizations
5) Pentesters wanting to expand their knowledge in different areas related to IT security
My chapter, titled “Penetration Testing”, has the following introduction:
The “Penetration Testing” chapter was created for those who wish to acquire or organize knowledge related to the essence and the process of conducting penetration tests from an organizational standpoint. In this chapter, I will outline the individual steps that need to be taken to define the scope of work, choose the appropriate methodology, and set requirements for the summary report. The information provided here should suffice for independently coordinating penetration tests from defining the scope to accepting the work.
The knowledge presented in this chapter is based on experience from over 550 penetration tests conducted in 2021 and 750 completed projects in 2022. In each case, I was the person responsible for defining the scope of work and assisting with problem-solving during their execution.
The goal of this text is not to convey knowledge about all possible techniques for conducting penetration tests, nor to discuss the career path of a pentester. Readers of this chapter do not need any experience other than what comes from working in the broadly defined IT industry.
Authors of the individual chapters are:
- On Ethics in Hacking (Gynvael Coldwind)
- What Every Administrator Should Know About Web Application Security (Michał Sajdak)
- Android – System Security and Basic Penetration Testing of Mobile Applications (Marek Rzepecki)
- iOS – System Security and Basic Penetration Testing of Mobile Applications (Marek Rzepecki)
- Penetration Testing (Marcin Piosek)
- Introduction to Cyber Threat Intelligence (Bartosz Jerzman)
- Threat Modeling and Risk Analysis of Applications (Łukasz Basa, Wiktor Sędkowski)
- Introduction to the MITRE ATT&CK® Framework (Wojciech Lesicki)
- Cryptology at a Glance (Iwona Polak)
- Introduction to the Security of Industrial Control Systems (ICS/OT) (Marcin Dudek)
- Data Security at Rest – Encryption and Data Deletion (Krzysztof Wosiński)
- OSINT – An Introduction (Tomasz Turba)
- Physical Security – Asset Protection (Tomasz Dacka)
- Modern Fuzzing (Marek Zmysłowski)
- Email Message Authentication Mechanisms – SPF, DKIM, and DMARC (Grzegorz Trawiński)
- Hashcat – Racing Against Time in a Balance of Forces and Resources (Konrad Jędrzejczyk)
- Introduction to the Metasploit Tool (Piotr Ptaszek)
- PowerShell in Offense (Paweł Maziarz)
For more information about the book you can: