Disclaimer
This guide is solely for educational purposes only. Any acts of hacking taught here is for Ethical Hacking. Any hacking actions done without permission of owner is considered an illegal act by the law. Hence, do practice on your own network structure and your own devices.
Introduction
Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network.
Terms of Ethical Hacking:
>Penetration Test: Legal attempt to break into a company’s network to find its weakest link.
> Hackers: Someone who access computer system or network to identify flaws in security system, can be done with or without permission.
>Crackers: Someone who breaks into the systems to steal or destroy the data without permission.
Penetration Testing
Practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
Process:
- Scope of Test
> Extend of the testing
>What will be tested
>From where it will be tested
>By whom it will be tested - Performing Penetration Test
- Report and Deliver result
Methodologies:
- White Box Model
- Method where a white hat hacker has full knowledge of the system being attacked
- Black Box Model
- Method where an ethical hacker has no knowledge of the system being attacked
- Gray Box Model
- Testing of software with limited knowledge of its internal workings.