The goal of The Ethical Hacker’s Handbook is to “produce highly skilled security professionals” committed to defending against hacking that crosses the boundary into the malicious realm, say the authors. They more than meet this objective.

The book strives for simplicity, with a step-by-step approach that could greatly aid novice readers’ understanding of the subject matter. Technical jargon is used sparingly and is explained adequately. In addition, the authors do a superb job of making the material even more accessible with their use of informal, lively language.

But make no mistake; this book is not for the faint of heart. While the authors do not explicitly identify their target audience, the book is clearly intended as a practical guide for professionals working directly in IT security. Due to the research and practice required to explore, understand, and test the concepts discussed, the reader must have adequate time and motivation to make full use of this resource.

The authors have done an excellent job of extracting the relevant material to help the reader get the job done. Well-thought-out examples are provided and explained in great depth. Throughout the book, screen shots help the reader in following along with the authors’ examples. The reader can benefit most from the material by setting up a virtual machine and installing the book’s tools, then walking through its vulnerability, malware analysis, and exploit examples.

The text provides credible, noteworthy references for the reader to examine for better understanding of particular topics. That type of follow-up is essential for the reader to gain the substantive knowledge needed to fully comprehend some topics, such as zero-day exploits.

This book is a must-have for the security professional who is ready to move to the next level or greatly expand his or her knowledge and play some serious defense against malicious hackers.

(Gray Hat Hacking: The Ethical Hacker’s Handbook, Second Edition, by Shon Harris et al, is published by McGraw-Hill/Osborne Media;www.mhprofessional.com (Web); 550 pages; $49.99.)

Reviewers: Thomas McElroy, CPP, PCI, is Director of InfoSec Incident Response for Hilton Hotels Corp. in Memphis, Tennessee. He is chairman of ASIS’s Memphis Chapter and vice chairman of the ASIS Information Technology Security Council. Sanitra Angram, CISSP (Certified Information Systems Security Professional), GSEC (Global Information Assurance Certification Security Essentials Certification), is an information security professional with Hilton specializing in incident response and an instructor at ITT Technical Institute in Memphis.