When it comes to penetration testing and ethical hacking, there is no doubt that the hands-on approach and practical experience are king. However, it is always handy to keep an expert reference and a guide by your side at all times. These are our quick reviews of six of the best and most popular pentesting books around (in no particular order) as of 2020:

Penetration Testing: A Hands-On Introduction to Hacking Paperback, by Georgia Weidman – 4 out of 5This is a very good book for beginners and experts alike. The author explains all the required labs in detail and she always tries to provide tips on how to obtain information. Even though some of the labs might be outdated by now, you can always find the actual upgraded tools online without any huge effort. Such is the nature of penetration testing, I’m afraid. The author is working on her second edition of the book as of this writing.

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking-ebook/dp/B00KME7GN8 Hacking : The Art of Exploitation, 2nd Edition, by Jon Erickson – 4.5 out of 5

For beginners the information presented can be quite daunting at first, but this tome successfully clarifies the basics well and you will find many stimulating insights. It is also a decent overview of mid-range programming, but it can be a bit abstract for beginners. The basics of C programming language are very well described and elaborated upon.

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 Black Hat Python: Python Programming for Hackers and Pentesters, by Justin Seitz – 4.5 out of 5

Black Hat Python is a charming “little” book for aspiring penetration testers, even if it is a bit advanced for the general populace. The code is mostly geared towards Python 2, but it shouldn’t be very hard to convert the code to Python 3. Some of the libraries are a bit dated at this time. Plenty of examples are scattered in the book.

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters-ebook/dp/B00QL616DW OSCP Survival Guide, by Anas Aboureada – 3.5 out of 5

This mini book is a merely a quick reference guide to “commonly used techniques, commands, and tools needed to pass the OSCP”. Note that it is only included here because of how raw it is in providing the specific essentials to pass the exam, but it also works as a quick and “dirty” guide to cram up if required, not that we recommend that.

https://www.amazon.com/OSCP-Survival-Guide-Anas-Aboureada-ebook/dp/B07XF2YMWH The Hacker Playbook 3: Practical Guide To Penetration Testing, by Peter Kim – 4.5 out of 5

A great resource but not for the faint of heart or novices, sorry. The focus on creating practical situations makes it very worthwhile. You need to brush up on your research skills before and while using this book, and a good understanding of Linux is very useful. Be persistent and patient with this book, and you’ll soon find out why it is one of the best resources currently available for pentesting.

https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2 The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, by Dafydd Stuttard – 4.5 out of 5

Let’s face it, most of the hacking you will be doing comprises web applications. They are the face of the internet and a book dedicated to attacking them (ethically of course!) is a very good idea. If you’re a web application developer, you will find this book a valuable investment of your time, even if your main job doesn’t involve security or cyber assurance. The companion site is also a very good tracking resource while completing the book’s exercises.

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470