
      Ethical Hacking and Penetration Testing

      • Posted by admin
      • Date July 30, 2022

      Ethical hackers engage in sanctioned hacking, that is, hacking with permission from the system’s owner. In the world of ethical hacking, most tend to use the term pentester, which is short for penetration tester. Pentesters do just that: penetrate systems like a hacker, but for benign purposes.

      As an ethical hacker and future test candidate, you must become familiar with the lingo of the trade. Here are some of the terms you will encounter in pen testing:

      • Hack Value: This term describes a target that may attract an above‐average level of attention from an attacker. Presumably because this target is attractive, it has more value to an attacker because of what it may contain.

      • Target of Evaluation: A target of evaluation (TOE) is a system or resource that is being evaluated for vulnerabilities. A TOE would be specified in a contract with the client.

      • Attack: This is the act of targeting and actively engaging a TOE.

      • Exploit: This is a clearly defined way to breach the security of a system.

      • Zero Day: This describes a threat or vulnerability that is unknown to developers and has not been addressed. It is considered a serious problem in many cases.

      • Security: This is a state of well‐being in an environment where only actions that are defined are allowed.

      • Threat: This is considered to be a potential violation of security.

      • Vulnerability: This is a weakness in a system that can be attacked and used as an entry point into an environment.

      • Daisy Chaining: This is the act of performing several hacking attacks in sequence with each building on or acting on the results of the previous action.

      As an ethical hacker, you will be expected to take on the role and use the mind‐set and skills of an attacker to simulate a malicious attack. The idea is that ethical hackers understand both sides, the good and the bad, and use this knowledge to help their clients. By understanding both sides of the equation, you will be better prepared to defend yourself successfully. Here are some things to remember about being an ethical hacker:

      • You must have explicit permission in writing from the company being tested prior to starting any activity. Legally, the person or persons who must approve this activity or changes to the plan must be the owner of the company or their authorized representative. If the scope changes, you must update the contract to reflect those changes before performing the new tasks.

      • You will use the same tactics and strategies as malicious attackers.

      • You have the potential to cause the same harm that a malicious attack will cause and should always consider the effects of every action you carry out.

      • You must have knowledge of the target and the weaknesses it possesses.

      • You must have clearly defined rules of engagement prior to beginning your assigned job.

      • You must never reveal any information pertaining to a client to anyone but the client.

      • If the client asks you to stop a test, do so immediately.

      • You must provide a report of your results and, if asked, a brief on any deficiencies found during a test.

      • You may be asked to work with the client to fix any problems that you find.

      As I will discuss several times in this text, never accept a verbal agreement to expand test parameters. A verbal agreement has no record, and there is a chance of getting sued if something goes wrong and there’s no record.

      Under the right circumstances and with proper planning and goals in mind, you can provide a wealth of valuable information to your target organization. Working with your client, you should analyze your results thoroughly and determine which areas need attention and which need none at all. Your client will determine the perfect balance of security versus convenience.
