Part 7: The Part of Tens

Chapter 20: Ten Tips for Getting Security Buy-In
    Cultivate an Ally and a Sponsor
    Don't Be a FUDdy-Duddy
    Demonstrate That the Organization Can't Afford to Be Hacked
    Outline the General Benefits of Security Testing
    Show How Security Testing Specifically Helps the Organization
    Get Involved in the Business
    Establish Your Credibility
    Speak on Management's Level
    Show Value in Your Efforts
    Be Flexible and Adaptable

Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test
    The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
    IT Governance and Compliance Are More Than High-Level Audits
    Vulnerability and Penetration Testing Complements Audits and Security Evaluations
    Customers and Partners Will Ask How Secure Your Systems Are
    The Law of Averages Works Against Businesses
    Security Assessments Improve Understanding of Business Threats
    If a Breach Occurs, You Have Something to Fall Back On
    In-Depth Testing Brings Out the Worst in Your Systems
    Combined Vulnerability and Penetration Testing Is What You Need
    Proper Testing Can Uncover Overlooked Weaknesses

Chapter 22: Ten Deadly Mistakes
    Not Getting Approval
    Assuming That You Can Find All Vulnerabilities
    Assuming That You Can Eliminate All Vulnerabilities
    Performing Tests Only Once
    Thinking That You Know It All
    Running Your Tests Without Looking at Things from a Hacker's Viewpoint
    Not Testing the Right Systems
    Not Using the Right Tools
    Pounding Production Systems at the Wrong Time
    Outsourcing Testing and Not Staying Involved

Appendix: Tools and Resources
    Bluetooth
    Certifications
    Databases
    Denial of Service (DoS) Protection
    Exploits
    Firewall Rulebase Analyzers
    General Research and OSINT Tools
    Hacker and Security Testing Publications
    Internet of Things
    Keyloggers
    Laws and Regulations
    Linux
    Live Toolkits
    Log Analysis
    Messaging
    Miscellaneous
    Mobile
    Networks
    Password Cracking
    Patch Management
    Security Education and Learning Resources
    Security Frameworks
    Security Reports and Statistics
    Social