Introduction to Ethical Hacking
• Ethical hackers
▫ Employed by companies to perform penetration tests
• Penetration test
▫ Legal attempt to break into a company’s network to
find its weakest link
▫ Tester only reports findings
• Security test
▫ More than an attempt to break in; also includes
analyzing company’s security policy and procedures
▫ Tester offers solutions to secure or protect the network
The Role of Security and Penetration
▫ Access computer system or network without
▫ Breaks the law; can go to prison
▫ Break into systems to steal or destroy data
▫ U.S. Department of Justice calls both hackers
• Ethical hacker
▫ Performs most of the same activities but with
• White box model
▫ Tester is told everything about the network topology
▫ Tester is authorized to interview IT personnel and
▫ Makes tester job a little easier
• Black box model
▫ Company staff does not know about the test
▫ Tester is not given details about the network
Burden is on the tester to find these details
▫ Tests if security personnel are able to detect an attack
• Gray box model
▫ Hybrid of the white and black box models
▫ Company gives tester partial information
Ethical Hacking in a Nutshell
• What it takes to be a security tester
▫ Knowledge of network and computer technology
▫ Ability to communicate with management and IT
▫ Understanding of the laws
▫ Ability to use necessary tools
Some questions to assess the Penetration testing knowledge
Questions & answers
• Q. What is XSS or Cross Site Scripting?
Ans. XSS or cross site scripting is type of vulnerability
that hackers used to attack web applications.
into a web page which can steal the confidential
information from the cookies and returns to the hackers.
It is one of the most critical and common technique
which needs to be prevented.
• Q. What is a honeypot?
Ans. Honeypot is fake computer system which behaves
like a real system and attracts hackers to attack on it.
Honeypot is used to find out loop holes in the system
and to provide solution for these kinds of attacks.
Questions & answers (cont.)
• Q. What type of tools are there out there for
Ans. Wireshark is probably the most common
packet sniffing tool. This program can help you find
odd traffic across the network or identify a program
that is sending traffic silently from a host.
• Q. Which tools are you using in Performing
automatic vulnerability testing?
Ans. There are many tools to do so , the most
famous tools are Acunitix , IBM Appscan , Burb
suite , ZAP.