{"id":188,"date":"2022-12-17T17:37:23","date_gmt":"2022-12-17T17:37:23","guid":{"rendered":"https:\/\/ecloudsoftware.in\/blog\/?p=188"},"modified":"2022-12-17T17:37:23","modified_gmt":"2022-12-17T17:37:23","slug":"what-is-ethical-hacking","status":"publish","type":"post","link":"https:\/\/ecloudsoftware.in\/blog\/2022\/12\/17\/what-is-ethical-hacking\/","title":{"rendered":"What Is Ethical Hacking?"},"content":{"rendered":"<p>Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify\u00a0security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them. Also known as \u201cwhite hats,\u201d\u00a0ethical hackers\u00a0are security experts that perform these security assessments. The proactive work they do helps to improve an organization\u2019s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is opposite from malicious hacking.<\/p>\n<p>Hacking experts follow four key protocol concepts:<\/p>\n<ol>\n<li><b>Stay legal<\/b>. Obtain proper approval before accessing and performing a\u00a0security assessment.<\/li>\n<li><b>Define the scope<\/b>. Determine the scope of the assessment so that the ethical hacker\u2019s work remains legal and within the organization\u2019s approved boundaries.<\/li>\n<li><b>Report vulnerabilities<\/b>. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.<\/li>\n<li><b>Respect data sensitivity<\/b>. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.<\/li>\n<\/ol>\n<p>Ethical hackers use their knowledge to secure and improve the technology of organizations. They provide an essential service to these organizations by looking for vulnerabilities that can lead to a security breach.<\/p>\n<p>An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they provide remediation advice. In many cases, with the organization\u2019s consent, the ethical hacker performs a re-test to ensure the vulnerabilities are fully resolved.<\/p>\n<p>Malicious hackers intend to gain unauthorized access to a resource (the more sensitive the better) for financial gain or personal recognition. Some malicious hackers deface websites or crash backend servers for fun, reputation damage, or to cause financial loss. The methods used and vulnerabilities found remain unreported. They aren\u2019t concerned with improving the organizations security posture.<\/p>\n<p>An ethical hacker should have a wide range of computer skills. They often specialize, becoming subject matter experts (SME) on a particular area within the ethical hacking domain.<\/p>\n<p>All ethical hackers should have:<\/p>\n<ul>\n<li>Expertise in scripting languages.<\/li>\n<li>Proficiency in operating systems.<\/li>\n<li>A thorough knowledge of networking.<\/li>\n<li>A solid foundation in the principles of information security.<\/li>\n<\/ul>\n<p>While assessing the security of an organization\u2019s IT asset(s), ethical hacking aims to mimic an attacker. In doing so, they look for attack vectors against the target. The initial goal is to perform reconnaissance, gaining as much information as possible.<\/p>\n<p>Once the ethical hacker gathers enough information, they use it to look for vulnerabilities against the asset. They perform this assessment with a combination of automated and manual testing. Even sophisticated systems may have complex countermeasure technologies which may be vulnerable.<\/p>\n<p>They don\u2019t stop at uncovering vulnerabilities. Ethical hackers use exploits against the vulnerabilities to prove how a malicious attacker could exploit it.<\/p>\n<p>Some of the most common vulnerabilities discovered by ethical hackers include:<\/p>\n<ul>\n<li>Injection attacks<\/li>\n<li>Broken authentication<\/li>\n<li>Security misconfigurations<\/li>\n<li>Use of components with known vulnerabilities<\/li>\n<li>Sensitive data exposure<\/li>\n<\/ul>\n<p>After the testing period, ethical hackers prepare a detailed report. This documentation includes steps to compromise the discovered vulnerabilities and steps to patch or mitigate them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating.<\/p>\n","protected":false},"author":1,"featured_media":189,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/posts\/188"}],"collection":[{"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/comments?post=188"}],"version-history":[{"count":1,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/posts\/188\/revisions"}],"predecessor-version":[{"id":190,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/posts\/188\/revisions\/190"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/media\/189"}],"wp:attachment":[{"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/media?parent=188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/categories?post=188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ecloudsoftware.in\/blog\/wp-json\/wp\/v2\/tags?post=188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}