Ethical hacking for WebApp - Part #1
Hello friends,
one week ago I wrote a post about Ethical hacking for WebApp saying that I will be publishing some HowTo articles to learn the basic of Pentesting.
Today I want to give a brief introduction to the Ethical Hacking/Pentester world, basic concepts and basic procedures. A good way to do it, is to answer some basic questions: What? Where? When? Who?
What is a Pentest?
We can say a Pentest is a group of techniques and skills that you implement against a target (computer/s or application) to gain unauthorized access and show the company which is hiring you as a Ethical Hacker the weakness of the system and how to fix it.
An Ethical Hacker is someone who uses his advanced computer skills to analyze vulnerabilities and patch them. These hackers work for the good of the society and try to solve problems in the network.
Where a Pentest takes place?
Depending on which kind of pentest you are performing, you can work remotely or local. There are two options that will determine where you will be located:
- External Pentest: You will test the external network of the customer and perform data collection in the internet.
- Internal Pentest: You need to be at customer's place since you need to be connected to his local network.
Anyway today is possible to perform an Inter Pentest from your own office or home, you just need your customer to provide a VPN connection to the network he want to test.
When a Pentest start?
There are different opinions about the time when the Pentest should take place and it will rely on pentester's imagination. Why I have said imagination? It is simple, we need to understand, that each customer is different. It can be a big infrastructure with critical applications or a small customer with one webserver who doesn't care about a down time.
From my own experience, the best time to perform a Pentest is during the night, or when the services have lower load. Also it is good to ask your client, when do they have the lowest number of visitors, so in case of a mistake (hopefully not) the impact will not be critical. It is important to consider this fact when you crash the customer's application, because you can cause huge loses from thousands to millions of dollars(USD$).
Who performs the Pentest?
Before, we were talking about the term Ethical Hacker. In this section I will explain how important it is to know, how skillful your Pentester is?
The best way to know your Pentester is through references. If a friend with a company can give you the name of a good Pentester or Pentesting Firm, it will be useful because you know from direct source the quality of the service, one should not only rely on what papers say (Certificates). From my side I could recommend OSCP (Offensive Security Certified Professional) and you can ask me Why? and the answer is simple, this is a program that pushes the student to have a real Hacking experience, the person develops hacking instincts and is successful. In short, it is a hands on certification, which can tell a lot about Pentester. On the other side you have certifications like CEH (Certified Ethical Hacker) it is one of the most important certifications for an Ethical Hacker, this one is more about theory.
DISCLAIMER: It is important to understand that all the knowledge I'm sharing is just for educational purpose, to enrich the platform and readers. There is no intention to educate people to perform harmful actions with the knowledge posted here.
Please friends, keep following my posts about Information Security if you want to keep learning. For my next post I will talk about the first techniques for Pentesting.
Thanks for reading and all the best,
Alejandro Betancor
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by jrswab from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP. Be sure to leave at least 50SP undelegated on your account.
Great work @alebeta! Keep working hard and making quality posts!
Congratulations @alebeta! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP@originalworks
The @OriginalWorks bot has determined this post by @alebeta to be original material and upvoted(1.5%) it!
To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!
Congratulations @alebeta! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP