Ethical hacking is an authorized attempt to gain unauthorized access to a computer system, application, or data using the strategies and actions of malicious attackers. This practice helps identify security vulnerabilities that can then be resolved before a malicious attacker has the opportunity to exploit them.
Ethical hackers are security experts who perform these proactive security assessments to help improve an organization’s security posture. With prior approval from the organization or owner of an IT asset, the mission of an ethical hacker is the opposite of malicious hacking.
This guide details the benefits of pen testing, what to look for in a pen testing solution, and questions to ask potential vendors.
Hacking experts follow four key protocol concepts.
Ethical hackers use their knowledge and skills to secure and improve the technology of organizations. They provide an essential service by looking for vulnerabilities that can lead to a security breach, and they report the identified vulnerabilities to the organization. Additionally, they provide remediation advice. In many cases, ethical hackers also perform a retest to ensure the vulnerabilities are fully resolved.
The goal of malicious hackers is to gain unauthorized access to a resource (the more sensitive the better) for financial gain or personal recognition. Some malicious hackers deface websites or crash back-end servers for fun, reputation damage, or to cause financial loss. The methods used and vulnerabilities found remain unreported. They aren’t concerned with improving the organizations security posture.
An ethical hacker should have a wide range of computer skills. They often specialize, becoming subject matter experts on a particular area within the ethical hacking domain.
All ethical hackers should have
Some of the most well-known and acquired certifications include
Ethical hacking aims to mimic an actual attack to look for attack vectors against the target. The initial goal is to perform reconnaissance, gaining as much information as possible.
Once an ethical hacker gathers enough information, they use it to look for vulnerabilities. They perform this assessment using a combination of automated and manual testing. Even sophisticated systems can have complex countermeasure technologies that may be vulnerable.
In addition to uncovering vulnerabilities, ethical hackers use exploits against the vulnerabilities to prove how a malicious attacker could exploit it.
Some of the most common vulnerabilities discovered by ethical hackers include
After the testing period, ethical hackers prepare a detailed report that includes additional details on the discovered vulnerabilities along with steps to patch or mitigate them.
Black Duck offers managed penetration testing, also known as pen tests, for web applications and services. This security testing technique simulates a real-world attack on a system to identify vulnerabilities and weaknesses in systems and code. Using a blend of manual and tool-based testing, Black Duck managed penetration testing services provides a comprehensive assessment of a runtime environment with accurate results and actionable remediation guidance.
By opting for a managed penetration testing service provider, companies get access to security testing experts who can help them understand their security risks, meet compliance requirements, and enable in-house security teams to focus on other objectives.
- This glossary was verified by Chai Bhat.
Get insights into the current state of security for web-based apps and systems
Download the reportLearn how to gain visibility and secure your apps across the enterprise
Download the white paperGet the trends and recommendations to help improve your software security program
Download the reportThree steps to consolidate your effort, insight, and tools
Download the guide