In this article, we’ll discuss the ways that even complete beginners with no security background can get into ethical hacking. In case you are considering ethical hacking as a career, we will discuss important educational and experience-based considerations as you attempt to choose the right path to lead you to the ethical hacking career that suits you best. We’ll also discuss several careers that you definitely should consider as you get into ethical hacking.
What is ethical hacking?
Ethical hacking involves discovering security issues (referred to as vulnerabilities) and disclosing these to affected parties in a responsible fashion. The main difference between ethical hacking or “white hat” hacking and unethical or “black hat” hacking is consent. In ethical hacking, the hacker is given consent to proceed with the hacking activities while still adhering to a certain scope of attack. In unethical hacking, the hacker proceeds to hack without authorization and does not disclose the vulnerabilities identified and may even exploit them for personal gain.
There are many methods you can use for ethical hacking, depending on your relationship with the client. Here are some of the most common methods:
In penetration testing, the hacker is given consent to adhere to a certain scope in order to discover vulnerabilities, exploit them in a controlled fashion and then document and present them to the client along with recommendations to fix the discovered issues. A non-disclosure agreement is also involved, restricting the hacker from communicating the findings or private data with external parties.
Bug bounty hunting
In bounty hunting, the ethical hacker adheres to the given scope and identifies previously unknown vulnerabilities, reporting them to the vulnerable party participating in the bounty hunting program. Programs like these are good for aspiring ethical hackers, as they allow you to hone (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/n0apFfZkTMY/