What is ethical hacking?
Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization’s defenses. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested.
Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester’s point of view, there is no downside: If you hack in past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it. If you don’t find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn’t break into them.” Win-win!
I’ve been in computer security for over 30 years, and no job has been more challenging and fun than professional penetration testing. You not only get to do something fun, but pen testers often are seen with an aura of extra coolness that comes from everyone knowing they could break into almost any computer at will. Although now long turned legit, the world’s former most notorious uber hacker, Kevin Mitnick, told me that he gets the exact same emotional thrill out of being paid to legally break into places as he did for all those years of illegal hacking. Mitnick said the only difference “is the report writing.”
What do ethical hackers do?
Scope and goal setting
It is essential for any professional pen tester to document the agreed-upon scope and goals. These are the kinds of questions regarding scope you need to ask:
What computer assets are in scope for the test?
Does it include all computers, just a …