Book Review: Ninja Hacking by Thomas Wilhelm and Jason Andreas

Every now and then I share with the readers my views on a specific security related book. This time the title I scanned through is "Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques". In a nutshell, this is a book for those who would like to get introduced into the world of security and insecurity. Especially those who also enjoy martial arts. However, this book does not target specifically at technical IT security professionals. Here you are a biased and telegraphic view:

chapter 1
It starts with the disclaimer that this is not a usual pen testing book. It includes
a reference to ancient feudal Japanese tradition: ninjas and samurais, the documented and the undocumented side of war and military strategy. It mentions how the public image of ninjas was negative. Stealthy reconaissance was a ninja technique. The authors establish a parallel between ninja codes and weapons and unusual pen testing.

chapter 2
This chapter links pen testing with Ninjitsu. They mention arts such as espionage and unconventional warfare. The authors propose that while white hats use methodologies to perform pen tests, ninjas take alternative paths. Important detail: ninjas move undetected.

The difference between white and black hacking is system owner permission. The description of grey hat hackers in this book is somehow confusing: they use illegal attack methods without hacking the spirit of the law?

All in all, 17 chapters for those readers willing to get an initial flavour of what insecurity means today. A light appetizer for a non-technical audience before embarking on more robust references.

Ninja "security" turtles?