By: William Sikkens
Host, User Friendly 2.0 Saturday’s at 5:00 p.m.
Ethical hackers use their knowledge to secure and improve the technology of organizations. They provide an essential service to these organizations by looking for vulnerabilities that can lead to a security breach.
An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they provide remediation advice. In many cases, with the organization’s consent, the ethical hacker performs a re-test to ensure the vulnerabilities are fully resolved.
Malicious hackers intend to gain unauthorized access to a resource (the more sensitive the better) for financial gain or personal recognition. Some malicious hackers deface websites or crash backend servers for fun, reputation damage, or to cause financial loss. The methods used and vulnerabilities found remain unreported. They aren’t concerned with improving the organization’s security posture.
Ethical hackers identify problems before the bad guys find them.
While assessing the security of an organization’s IT asset(s), ethical hacking aims to mimic an attacker. In doing so, they look for “attack vectors” against the target. (An attack vector is a pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities.) The initial goal is to perform reconnaissance, gaining as much information as possible.
Once the ethical hacker gathers enough information, they use it to look for vulnerabilities against the asset. They perform this assessment with a combination of automated and manual testing. Even sophisticated systems may have complex countermeasure technologies which may be vulnerable.
They don’t stop at uncovering vulnerabilities. Ethical hackers use exploits against the vulnerabilities to prove how a malicious attacker could exploit it.
Some of the most common vulnerabilities discovered by ethical hackers include:
- Injection attacks
- Broken authentication
- Security misconfigurations
- Use of components with known vulnerabilities
- Sensitive data exposure
After the testing period, ethical hackers prepare a detailed report. This documentation includes steps to address the discovered vulnerabilities and steps to patch or mitigate them.
If you want the challenge and have the skill to hack, then this might be the way to do it legally. The first step is to look at the certifications. These include:
- EC Council: Certified Ethical Hacking Certification
- Offensive Security Certified Professional (OSCP) Certification
- CompTIA Security+
- Cisco’s CCNA Security
- SANS GIAC
It can be well worth doing. According to Comparably.com the pay range in the US for this discipline is between $35,160 to $786,676. The average is around $160,000 per year. Not a bad paycheck for the opportunity to test your intellectual skills and prowess within the realm of technology.
Article includes information from Synopsys and Comparably.com.
William (Bill) Sikkens has been an on-air technology expert since 2014. With an expertise in I.T., cyber security and software design he has had more than 20 years’ experience with advanced technology. Sikkens conceptualizes and designs custom applications for many professional industries from health care to banking and has the ability to explain the details in a way all can understand. Article edited by Gretchen Winkler, who along with Jeremy Winkler are the co-hosts of User Friendly 2.0 here on The Answer Saturdays at 5:00 p.m.
Links and brand/store information provided are for information only and are not endorsed by Salem Media Group, KPAM or the show’s hosts.
Got a technology question or comment for Bill? Follow him on Twitter @sikkensw