Open in app

Sign in

Write

Sign in

Ethical Hacking

Umayanga Vidunuwan
2 min readMay 30, 2021

What is ethical hacking?

Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities that can then be resolved before a malicious attacker has the opportunity to exploit them.

Also known as “white hats,” ethical hackers are security experts that perform these assessments. The proactive work they do helps to improve an organization’s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is opposite from malicious hacking

Key concepts of ethical hacking

Stay legal. Obtain proper approval before accessing and performing a security assessment

Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.

Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.

Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.

What skills and certifications should an ethical hacker obtain?

An ethical hacker should have a wide range of computer skills. They often specialize, becoming subject matter experts (SME) on a particular area within the ethical hacking domain.

All ethical hackers should have:

  • Expertise in scripting languages.
  • Proficiency in operating systems.
  • A thorough knowledge of networking.
  • A solid foundation in the principles of information security.

What are some limitations of ethical hacking?

  • Limited scope. Ethical hackers cannot progress beyond a defined scope to make an attack successful. However, it’s not unreasonable to discuss out of scope attack potential with the organization.
  • Resource constraints. Malicious hackers don’t have time constraints that ethical hackers often face. Computing power and budget are additional constraints of ethical hackers.
  • Restricted methods. Some organizations ask experts to avoid test cases that lead the servers to crash (e.g., Denial of Service (DoS) attacks).

--

--

Umayanga Vidunuwan

Written by Umayanga Vidunuwan

29 Followers

| Software Engineering Undergraduate| University Of Kelaniya | Sri Lankan|

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams