Ethical Hacking
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.
Also known as “white hats,” ethical hackers are security experts that perform these assessments. The proactive work they do helps to improve an organization’s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is opposite from malicious hacking.
Key concepts of Ethical Hacking:
Hacking experts follow four key protocol concepts:
Stay legal -Obtain proper approval before accessing and performing a security assessment.
Define the scope - Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.
Report vulnerabilities - Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
Respect data sensitivity - Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.