<rant> If you could learn to hack/assess from reading a book everyone would do
it. Does a carpenter go get a book to learn to swing a hammer.?No he goes out
and does it and probably smashes a few knuckles in the process.The most
important part of hacking/assessing is opening your mind see where it leads.
There is a million ways to check for XSS, CSRF etc. You have to be determined
and flexlible. Try things even though it shouldn't work.
e.g I was looking for XSS in a input field. Tried all the normal stale
"><script>alert('XSS')</script> type syntax. - nadda.
Only after I padded it with 20 null characters (%00) on each side it did pop.
Reading should give you 'ideas' after that its up to you.
CEH is a baseline like most certs. It says I sat through a week of training and
then I took a multiple choice test. May mean I know my stuff and want to
documnt it to an extent. Or I May be good at tests and dont know sh@t about
security.</rant>
Jay
----- Original Message -----
From: Michelle Duff [mailto:mduff@tampabay.rr.com]
To: manis@digital39.com,pen-test@securityfocus.com
Sent: Fri, 24 Aug 2007 01:01:23 -0400
Subject: RE: CEH Books
Peter -
Sorry, I haven't read those books...when I can't find anyone who's read a
study book, I'll check out the reviews on Amazon.com - granted, the
reviewers may not always have a clue, but the more the book is reviewed I
can get an idea if it's what I need & if it's any good... I've had good
results w/ this method.
Amazon readers gave Michael Graves' Exam Prep book a good review:
http://www.amazon.com/Certified-Ethical-Hacker-Exam-Publishing/dp/0789735318
/ref=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187930981&sr=1-1
Amazon readers also gave Kimberly Graves' Review Guide good marks:
http://www.amazon.com/CEH-Official-Certified-Ethical-Hacker/dp/0782144373/re
f=sr_1_1/102-9254239-5172111?ie=UTF8&s=books&qid=1187931127&sr=1-1
Hopefully, someone here has read the books and can comment on them.
Good luck!
Michelle
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Peter Manis
Sent: Thursday, August 23, 2007 6:09 PM
To: pen-test@securityfocus.com
Subject: CEH Books
I found two CEH books on Alibris and I was wondering if anyone had
experience with either.
Certified Ethical Hacker: Exam 312-50
by Michael Gregg
CEH: Official Certified Ethical Hacker Review Guide
by Kimbery Graves
Thanks,
- Pete
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
