Re: Penetration testing books (Metasploit)

[krymson () gmail com]

The book is overpriced for what you get. There are two main topics. 

First, the basics on installing and using Metasploit. While it can be esoteric to figure out for the first time, there 
are plenty of free resources on the web to accomplish this.

The second part has some decent information on writing your own payloads, but was just not all that useful to me.

The case studies are interesting, but you're better off picking it up in the bookstore, flipping to them, reading them, 
then replacing the book on the shelf.

If you can get the book for less than $20, it might be a decent addition to your book shelf, but otherwise a Saturday 
spent with you, Metasploit, the Internet, and a target Windows XP install will teach you a lot more than this book will.



<- snip ->
Palacios Ruiz, Pablo wrote:
> Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
> Publisher Syngress
> Author(s) James Foster
> ISBN 1597490741

I've been looking at this one too, but it is more than a year old and as 
far as I know Metasploit has been completely rewritten since then. Is it 
still up to date ? Or should I say, is it still worth the money ?

For web pentesting I can recommend the OWASP testing guide: 
http://www.owasp.org/index.php/Category:OWASP_Testing_Project

Cheers,
Robert