Ethical Hacking
Submitted To- DR PUSHPINDER SINGH PATHEJA
Submitted By- Abhinav Gupta
Importance of Ethical Hacking
The literal definition of the term ‘hacking’ implies finding vulnerabilities in the system firewall and
exploiting them to gain illegal access to perform malicious activities. Hackers who can bypass the
security can delete or steal sensitive information that can damage the company or individual.
Ethical Hacking, however, is a legal variation of hacking. Companies hire computer experts to test
system security, identify vulnerabilities, and provide analysis on how to improve the firewall. It is also
a way for government agencies to identify and locate potential threats to national security.
Individuals who have permission to hack computer systems are referred to as ‘ethical hackers.’
They are certified to hack as per the client's instructions. After the vulnerabilities are identified, the
hackers present a ‘maturity scorecard,’ which states the level of risk and the number of loopholes in the
security, and suggests improvements.
Ethical Hacking is defined as the method of penetrating data by a person or a company to determine the potential
threat to the computer network and save the system from potential data loss. Learning Ethical Hacking therefore
includes studying the tools, concentrating on the mindset of a hacker, and the techniques hackers use to identify
and rectify the vulnerabilities in the computer system or the software. Moreover, those who are looking for a job
in Ethical Hacking or want to add a new skill can benefit from Ethical Hacking Training and Certification.
With more and more companies entering the e-commerce ecosystem and adopting new technologies like cloud
computing, the threat of imminent security breaches clearly demands efficient information
security systems. The rising threat from cyber-attacks has exposed the severe shortage of talent in this sector.
Additionally, with the exponential rise of cybercrimes, agencies and businesses also need a way to counter the
growing threat. Vulnerabilities in security leave company systems susceptible to malware. Viruses, ransomware,
worms, and other malware are doubling in number as technology advances, making ethical hacking a necessity.
Each year, millions of new pieces of malware are created, often making use of new vulnerabilities that have been
discovered. Since 2005, there has not been a year without at least 10 million data records compromised. In the year
2017, nearly 200 million records were compromised.
● In the existing industry, there are many jobs for ethical hacking. Within an organization, ethical hacking
is really useful for testing the security systems. Ethical hacking ensures that all the systems are secure and not
vulnerable to black hat hackers. These days, there are a lot of hacking attacks. That's why the demand for
ethical hackers is huge.
● Ethical hacking is used to secure important data from enemies. It works as a safeguard of your
computer from blackmail by the people who want to exploit the vulnerability. Using ethical hacking, a
company or organization can find out security vulnerabilities and risks.
● Governments use State-sponsored hacking to prevent intelligence information about influence politics,
an enemy state, etc. Ethical hacking can ensure the safety of the nation by preventing cyber-terrorism
and terrorist attacks.
● In an organization, ethical hacking can identify the weaknesses of your software security. Using the
hacker's perspective, you can look at your security and fix any anomalies before they become a problem for
the company's success.
● Hackers can think from an attacker's perspective and find the potential entry point and fix them before
any attacks.
● Via real-world testing, one can enhance digital network security and prevent security breaches.
● Improved security ensures the safety of client products and data and builds clients and investors trust.
● Ethical hackers and quality assurance testers develop many tools and methods to eliminate all the system's
vulnerabilities.
● We hear that attackers have hacked big companies and big systems. Some time ago, a hacker hacked
the Uber website. Due to this, the important information of around 50 million users was exposed. Many
big companies like Google, Yahoo, Instagram, Facebook, and Uber hire hackers. The hackers try to hack
their systems. After hacking the system, they report all the places where they found a weakness so that the
company can fix it. Many companies also run bug bounty programs. In such a program, hackers from
around the world try to hack the website or web of that company. If a hacker finds any bug, the company
will pay them a reward for the bug.
● In a company, trained ethical hackers are the main strength. To ensure that software functions
aptly, ethical hackers can apply quick security tests under extreme and standard conditions.
● The prime purpose of ethical hacking is to prevent sensitive data from falling into enemy hands. It
safeguards your company from blackmail by those willing to exploit the vulnerabilities.
● Via real-world testing, you can enhance your digital network security and prevent security breaches.
● Improved security ensures the safety of client products and data and builds clients’ and investors’ trust.
● Ethical hacking can prevent cyber-terrorism and terrorist attacks, ensuring the safety of the nation.
● Hackers can identify potential entry points from an attacker's perspective, allowing you the chance to
fix them before an attack.
● It also opens up employment opportunities for those wanting a new role or hoping to impress their
organizations.
● With swift development cycles, quality assurance and security testing are often overlooked. Trained
ethical hackers are an asset to the company. They can perform quick security tests to ensure the
software functions aptly under standard and extreme conditions.
● Ethical hackers and other quality assurance testers have developed tools and methods to speed up the
identification and elimination of all vulnerabilities in the system.
● Ethical Hackers are employed in an organization to use hacking tools and strategies to test the security measures of the
company in a safe and controlled environment. With the help of these hacking techniques, the ethical hackers are able to
determine which security measures are effective and which need to be updated. With the data
obtained from these tests, the management is able to decide how to improve
information security and in which areas it needs improvement.
● Ethical Hackers perform a complete analysis of the security system of the company. After they have completed the task, they
submit a detailed report to the company that covers the details of the vulnerabilities and system flaws. For example, the
system administrators provide passwords to an unauthorized person, or the system lacks sufficient password encryption, etc.
Knowing these weaknesses in the system enables the management to implement highly secured procedures to restrict
intruders from exploiting either the computer networks or the mistakes of their own personnel.
● Ethical Hackers have complete knowledge of the techniques that can be used by an unethical hacker to penetrate the system
security. Ethical Hackers demonstrate these strategies and techniques to the management, which can help the management
figure out how unauthorized persons, terrorists, etc. can penetrate their system and cause serious damage to their
businesses. When the management is completely aware of the strategies and techniques used by unethical hackers, they
can prepare to restrict any intrusion and prevent unauthorized access to their systems, thereby keeping critical
information of their business intact.
Function of Ethical Hacking
Penetration Testing
Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the
security risks which might be present in the system.
If a system is not secured, then any attacker can disrupt or gain unauthorized access to that system. A security risk is normally
an accidental error that occurs while developing and implementing the software, for example, configuration errors, design
errors, and software bugs.
Reconnaissance
Reconnaissance includes an analysis of the preliminary information. Many times, a tester doesn’t have much information
other than the preliminary information, i.e., an IP address or IP address block. The tester starts by analyzing the available
information and, if required, requests more information such as system descriptions, network plans, etc. from the client.
This step is a sort of passive penetration test. The sole objective is to obtain complete and detailed information about the
systems.
Discovery
In this step, a penetration tester will most likely use automated tools to scan target assets for
vulnerabilities. These tools normally have their own databases giving the details of the latest vulnerabilities. However,
the tester discovers:
● Network Discovery − Such as discovery of additional systems, servers, and other devices.
● Host Discovery − It determines open ports on these devices.
● Service Interrogation − It interrogates ports to discover actual services which are running on them.
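The three discovery outputs listed above can be checked against an asset inventory to decide what to report. The following is an added example, not part of the original document: the scan text is constructed sample data in the style of Nmap grepable output (-oG), and the APPROVED inventory and the function names parse and triage are assumptions made for illustration.

```python
import re

# Constructed sample in the style of Nmap grepable output (-oG); not real scan data.
SCAN = """\
Host: 192.0.2.10 (web01.example)\tStatus: Up
Host: 192.0.2.10 (web01.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https//nginx 1.18/, 8080/closed/tcp//http-proxy///
Host: 192.0.2.11 (db01.example)\tStatus: Up
Host: 192.0.2.11 (db01.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 3306/open/tcp//mysql//MySQL 8.0/
Host: 192.0.2.50 ()\tStatus: Up
Host: 192.0.2.50 ()\tPorts: 23/open/tcp//telnet///
"""

# Hypothetical asset inventory: host -> (port, service) pairs approved for exposure.
APPROVED = {
    "192.0.2.10": {(22, "ssh"), (443, "https")},
    "192.0.2.11": {(22, "ssh")},
}

def parse(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) \(.*?\)\t(Status|Ports): (.*)", line)
        if not m:
            continue
        host, kind, rest = m.groups()
        entries = hosts.setdefault(host, [])      # network discovery: host seen
        if kind != "Ports":
            continue
        for item in rest.split("\t")[0].split(", "):
            f = item.split("/")  # port/state/proto/owner/service/rpc/version/
            if len(f) >= 7 and f[1] == "open":    # host discovery: open port
                entries.append((int(f[0]), f[2], f[4], f[6]))  # service interrogation
    return hosts

def triage(hosts, approved):
    """Compare discovered hosts and services with the inventory; return findings."""
    findings = []
    for host, ports in sorted(hosts.items()):
        if host not in approved:
            findings.append((host, None, "host not in inventory"))
        for port, _proto, service, _version in ports:
            if (port, service) not in approved.get(host, set()):
                findings.append((host, port, f"unapproved service {service}"))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SCAN), APPROVED):
        print(finding)
```
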