Ethical Hacking

BEthical hacking, also known as penetration testing, is an advanced, offensive form of security testing designed to provide a deep technical analysis of a target environment’s vulnerability to exploitation and attack. Ethical hacking goes beyond basic risk assessment and automated techniques and relies on a skilled security professional. An ethical hacking test target might include anything from web or client-server applications to infrastructure components to hosting environments.

A skilled professional follows the test process below to uncover vulnerabilities in a target. The outcome of the testing process is a detailed report with recommendations for securing the target environment.

A high-level methodology as shown below:

  • Reconnaissance – The tester will attempt to find out as much information as possible about the target environment through available repositories such as search engines, DNS, mailing lists, etc.
  • Scanning – The tester will use port and vulnerability scanners to discover and fingerprint open ports and services in the environment, as well as identify potential vulnerabilities in those services.
  • Application Testing – The tester will use both automated and manual testing to probe in-scope applications in the environment. The tester may use provided credentials to emulate an authorized user.
  • Exploitation – Vulnerabilities detected during testing will be exploited to determine the impact and scope of the vulnerability. If possible, the tester will leverage any advantage gained through exploitation to penetrate further into the environment within the defined scope.

Report of Findings

At the conclusion of the agreed-upon test window, the tester will provide a report of findings that includes a list of all vulnerabilities found and validated during the test. Each vulnerability will be assigned a severity level and ranked relative to other vulnerabilities discovered in the environment. A description of the impact of the vulnerability and recommendations for remediation will also be included.

Who should use this type of ethical hacking service?

IT Security Ethical Hacking should be requested by any organization in the world with a digital presence. The frequency of the testing is based upon on factors such as the impact of a breach in the environment, history of prior incidents, sensitivity of data stored or transmitted, and scope of usage in the digital organization.