Web portals open up the world to us but also leave us susceptible to malicious attacks. Uber is one of the most commonly used applications, and in late 2016 two hackers broke into the company and stole personal data, including the phone numbers, email addresses, and names of 57 million Uber users.
The hackers also stole the license numbers of 6 lakh (600,000) Uber drivers. Such threats are a risk to our privacy, and in this article we will tell you about the framework used to guard against them.
“Ethical hacking” – Sounds Paradoxical, Doesn’t It?
Before we delve into the concept of ethical hacking, let’s first answer the question:
What is Hacking and How Is it Done?
Hacking comprises any attempt to penetrate a private computer or network. From physically stealing passwords to deeply embedded worms, hackers employ a host of techniques to breach the defenses of private systems.
With the explosive increase in the number of web users, there has also been an exponential increase in the amount of sensitive data on the web and hackers have turned this movement for digital freedom into a veritable minefield of virtual threats. From social media accounts to phones, hackers have managed to find access to everything.
Things aren’t all bad, because not all hackers seek to compromise systems, and that’s where ethical hackers come into the picture (the Robin Hoods of the web world, eh?).
The next question is: how do we know which of our experts are actually the Robin Hoods? To put it in simpler words:
How to Differentiate between an Ethical Hacker and “Just a Hacker”?
Imagine you knew there was a problem with a system. One response would be to exploit the weakness for personal gain. The hackers who do this are called Black Hat hackers.
The other response would be to assess the weakness and reveal it to the competent authorities so that they can apply the required remedies and prevent future loss. The hackers who do this are called White Hat hackers.
Well, that’s some information, but a lot of you may wonder: how can hacking be legal?
All activities involved in hacking a system so that its weaknesses can be revealed to the organization in charge and subsequently fixed are legal when they are undertaken at the organization’s request or with its permission. Ethical hacking is both professionally and socially rewarding, while being a lot of fun too!
Now that we’re clear on the conscience part, let’s see what the process looks like.
Various Stages of Ethical Hacking:
IT security professionals, or ethical hackers, perform a security audit for the organization and provide audit reports of their findings. A ‘security audit’ is also called VAPT – Vulnerability Assessment and Penetration Testing.
We can further classify VAPT into the following phases:
1. Information Gathering – The auditor here gathers as much information about the target as possible. This information could be technical or non-technical in nature.
2. Scanning – After gathering the above information, the hacker/auditor segregates the technical information about the systems, such as IP ranges, computer names, etc. They then attempt to create a network map of the environment to better understand the network flow and design.
3. Vulnerability Scanning – Vulnerability scans are run using automated tools like w3af, Sparta, etc. This gives the hacker/auditor a list of probable vulnerabilities. The penetration tests can then be based on the results of these vulnerability scans.
4. Penetration Testing – The penetration test is used to validate the vulnerabilities discovered in the vulnerability scan. Based on the classification of risks, the auditors then try to exploit the vulnerabilities in order of criticality.
5. Security – Based on the above assessments, the auditors then provide possible solutions to mitigate the vulnerabilities.
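Phases 3 to 5 above hinge on one piece of bookkeeping: taking the raw list of probable vulnerabilities from the scanner, classifying each by criticality, and turning the result into an ordered remediation plan for the organization. The following script is an added example written for this article, not code from the author or from any of the tools named above. It assumes a constructed CSV export of scanner findings (the hosts and findings are made up) and uses the standard CVSS v3 qualitative rating ranges (Critical 9.0–10.0, High 7.0–8.9, Medium 4.0–6.9, Low 0.1–3.9, None 0.0) to rank findings so that the most critical ones are validated and fixed first.

```python
"""Triage VAPT scanner findings by criticality and build a remediation plan.

Added example for this article; not the author's or any scanner's own code.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample scanner export: hosts, ports and findings are invented.
SAMPLE_SCAN_CSV = """\
host,port,service,finding,cvss
10.0.0.5,443,https,TLS 1.0 enabled,5.3
10.0.0.5,22,ssh,Password authentication enabled,6.5
10.0.0.7,80,http,Outdated web framework with known RCE,9.8
10.0.0.7,21,ftp,Anonymous FTP login allowed,7.5
10.0.0.9,3306,mysql,Database exposed to whole network,8.6
10.0.0.9,80,http,Server version banner disclosed,0.0
"""

# Lower number = handled first in the remediation plan.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}


def severity_for(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative rating (standard v3 ranges)."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str
    title: str
    cvss: float

    @property
    def severity(self) -> str:
        return severity_for(self.cvss)


def parse_scan(csv_text: str) -> list[Finding]:
    """Parse a scanner CSV export (assumed column layout, see SAMPLE_SCAN_CSV)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        Finding(r["host"], int(r["port"]), r["service"], r["finding"], float(r["cvss"]))
        for r in reader
    ]


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Order findings by severity, then by raw score, so the worst come first."""
    return sorted(
        findings,
        key=lambda f: (SEVERITY_ORDER[f.severity], -f.cvss, f.host, f.port),
    )


def hosts_by_worst_severity(findings: list[Finding]) -> dict[str, str]:
    """Summarise each host by the most severe finding it carries."""
    worst: dict[str, str] = {}
    for f in findings:
        current = worst.get(f.host)
        if current is None or SEVERITY_ORDER[f.severity] < SEVERITY_ORDER[current]:
            worst[f.host] = f.severity
    return worst


def remediation_plan(findings: list[Finding]) -> list[str]:
    """One line per actionable finding, in the order it should be addressed.

    Informational findings (CVSS 0.0) are left out of the plan.
    """
    return [
        f"[{f.severity}] {f.host}:{f.port}/{f.service} - {f.title} (CVSS {f.cvss})"
        for f in prioritize(findings)
        if f.severity != "None"
    ]


if __name__ == "__main__":
    scan = parse_scan(SAMPLE_SCAN_CSV)
    for host, sev in sorted(hosts_by_worst_severity(scan).items()):
        print(f"{host}: worst finding is {sev}")
    print()
    for line in remediation_plan(scan):
        print(line)
```

In practice the CSV would come from the scanner's own export, and the per-host summary is what the auditor uses to decide where penetration testing effort goes first, while the plan lines feed the mitigation section of the audit report.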
Ever wished to be a superhero? Well, this is your chance to help fight crime. You will be responsible for safeguarding a website, and you can make all the difference.
(Disclaimer: This is a guest post submitted on Techstory by Sarvesh Agrawal, the founder and CEO of Internshala – an internship and training platform (internshala.com). All the contents and images in the article have been provided to Techstory by the author of the article. Techstory is not responsible or liable for any content in this article.)
Image Credit: Flickr.com