xiv Foreword many other sexy topics (that again being completely honest.got most of us hot about getting into security in the first place),and shows us w where it all fits in the grand sche e of the en pe.So inst ead of what the future o to ics,he oe for the reader su Chapter 3,Authorization and Access Control,where he discusses the con- fused deputy problem with real-world examples of CSRF and clickjacking. Chapter 4,Auditing and Accountability,with the coverage of vulnerability assessments and penetration testing and the difference between the two,an important concept not seen in many introductory security tomes. C oter 5 C hy,with the ugg estion of trying buildi g a DIY project by ir own Enigma machine to cra ck ermany's secret code World during ■ Chapter 8,Network Security,and Chapter 9,Operating System Security where the reader doesn't just read about the concepts but is shown actual screenshots of hacking tools such as Wireshark,Kismet,Nmap,and Metasploit to get the job done. I wasn't sure why lason asked me.the editor-in-chief of an online hacking agazine.to w te the fore ord to a security book that clearly is int in nature. Then as I read the book a nd eve entually shared the les abc t became clear that Jason not only had a s ncere desire to shar nowle ge of information security,but he also wanted to impart the mindset of a hacker. In a word,a hacker is a tinkerer.A hacker is someone who just can't help him self from exploring and getting more out of the object of his attention,whether that be a car,a toaster,a computer,or a network.If you can grasp half of the mindset that Jason shows in this book,you'll be well on your way. Inspiring inspiring inspiring.Each step along the way,Jason brilliantly gem of al-worl applicatic s.In doi only inspires the read rbut also slyly helps you determine e path of your career.Certain tidbits will grab your eye.Many examples will make you jot quick note to explore the topic further.There will even be times when you feel like you can't help but put the book down and research the hell out of what you just read.If Jason makes you do that at any point in this book,please take a moment to really process what it is that made your blood flow.It's a sure sign that this is a topic or irer cou be iDon'take thatyou were in a classroom with him,he wouldn't let you you waiti ing for?Dive into this book,get the foundation you need the hacker mindset in yourself and discover whers your passion li Good luck! Donald C.Donzal,CISSP,MCSE,Security SME Editor-in-Chief The Ethical Hacker Networkxiv Foreword many other sexy topics (that, again being completely honest, got most of us hot about getting into security in the first place), and shows us where it all fits in the grand scheme of the entire information security landscape. So instead of just covering the required topics, he avoids the boredom by giving glimpses of what the future could be for the reader such as in n Chapter 3, Authorization and Access Control, where he discusses the con￾fused deputy problem with real-world examples of CSRF and clickjacking. n Chapter 4, Auditing and Accountability, with the coverage of vulnerability assessments and penetration testing and the difference between the two, an important concept not seen in many introductory security tomes. n Chapter 5, Cryptography, with the suggestion of trying a DIY project by building your own Enigma machine to crack Germany’s secret codes during World War II. n Chapter 8, Network Security, and Chapter 9, Operating System Security, where the reader doesn’t just read about the concepts but is shown actual screenshots of hacking tools such as Wireshark, Kismet, Nmap, and Metasploit to get the job done. I wasn’t sure why Jason asked me, the editor-in-chief of an online hacking magazine, to write the foreword to a security book that clearly is introductory in nature. Then, as I read the book and eventually shared the examples above, it became clear that Jason not only had a sincere desire to share his knowledge of information security, but he also wanted to impart the mindset of a hacker. In a word, a hacker is a tinkerer. A hacker is someone who just can’t help him￾self from exploring and getting more out of the object of his attention, whether that be a car, a toaster, a computer, or a network. If you can grasp half of the mindset that Jason shows in this book, you’ll be well on your way. Inspiring, inspiring, inspiring. Each step along the way, Jason brilliantly peppers the foundational topics with gems of real-world applications. In doing so, he not only inspires the reader but also slyly helps you determine the path of your InfoSec career. Certain tidbits will grab your eye. Many examples will make you jot down a quick note to explore the topic further. There will even be times when you feel like you can’t help but put the book down and research the hell out of what you just read. If Jason makes you do that at any point in this book, please take a moment to really process what it is that made your blood flow. It’s a sure sign that this is a topic for which a career could be imminent. Don’t take that lightly. I know if you were in a classroom with him, he wouldn’t let you. So what are you waiting for? Dive into this book, get the foundation you need, find the hacker mindset in yourself and discover where your passion lies. Good luck! Donald C. Donzal, CISSP, MCSE, Security  SME Editor-in-Chief The Ethical Hacker Network