Let’s begin with Ethical Hackers. First of all, that actually sounds like the world’s coolest job ever. Perhaps it’s because it has the word ‘hacker’ in it, along with all the Hollywood mumbo-jumbo attached to these people. Everybody has wanted to be an awesome hacker at some point in their life. And if there is actually a job like that, wow, count me in!
What ethical hackers actually do is hacking in its pure form. It’s just that they do it legally, as their job for a certain company. They check whether their employer’s hardware and software are safe from their, let’s say, evil twins. That also sounds kind of cool. And no, I ain’t lame, I’m sure of it, I’ve asked my mother more than once.
And what are penetration testers doing? Pretty much the same in terms of security testing. Let’s get a bit deeper.
What does a Penetration Test mean by itself? It is the process of finding and eliminating security issues in a computer system by evaluating it the way a foul, malicious source would. The process involves active analysis of the system itself in order to locate as many of its potential vulnerabilities as possible. These vulnerabilities may exist for various reasons, such as:
- Poor or improper configurations of the system
- Known or unknown hardware flaws
- Known or unknown software flaws
- Operational weaknesses
This is something an Ethical Hacker would be doing as well, thus a tester’s job is officially even cooler than it was, from this day forth! We do test to find both known and unknown hardware and software flaws and operational weaknesses, right? Security, as we all know, is a crucial element nowadays, as apps carry lots of safety responsibilities due to the fact that they contain lots of user information. That definitely requires some testing.
Let’s look at an example. Let’s try a bit of SQL injection in the input field of an unsuspecting web app. We know how the entered value will be used: as a parameter in an SQL query. So if everything works as planned (not the way it’s supposed to, but according to our vicious little plan), the entered string has the potential to delete all of the data. We know what data sits behind the app, so entering a valid DELETE query right inside the field is not a problem. The app caught and returned the error. Our hacking attempt failed, so we win. We win as Ethical Hackers of a sort. Enjoy this knowledge!
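The test described above can be written down as a repeatable check. The following is an added example, not code from the original post: it runs a constructed input containing a DELETE statement through a lookup built by string concatenation and through a parameterized one, then counts the rows that survive. The `users` table, the function names and the probe string are all assumptions made for the illustration.

```python
import sqlite3

# Constructed test input: a quote that closes the string literal, then a DELETE.
PROBE = "nobody'; DELETE FROM users; --"

def make_db():
    """In-memory database with three constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("bob",), ("carol",)])
    db.commit()
    return db

def find_user_concat(db, name):
    """Weak form: the input is pasted into the SQL text and run as a script."""
    db.executescript("SELECT name FROM users WHERE name = '" + name + "';")

def find_user_param(db, name):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?",
                      (name,)).fetchall()

def rows_after_probe(find_user):
    """Run the probe through a lookup function and count the surviving rows."""
    db = make_db()
    try:
        find_user(db, PROBE)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # An app that rejects the input with an error also passes the test.
        print("app returned an error:", exc)
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    print("concatenated query, rows left:", rows_after_probe(find_user_concat))
    print("parameterized query, rows left:", rows_after_probe(find_user_param))
```

The test passes when the row count is unchanged after the probe, whether the app answers with an error or simply finds no matching user.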