Tips for Successful Ethical Hacking
13/08/2011 09:36
Whether you're performing ethical hacking against a customer's systems or your own, you must be prudent and pragmatic to succeed. These tips for ethical hacking can help you succeed as an information security professional:
~Get permission in writing to perform your tests.
~Set goals and develop a plan before you get started.
~Have access to the right tools for the tasks at hand.
~Test at a time that's best for the business.
~Keep the key players in the loop during your testing.
~Understand that it's not possible to detect every security vulnerability.
~Study malicious hacker and rogue insider behaviors and tactics. The more you know about how the bad guys work, the better ~you'll be at testing your systems for security vulnerabilities.
~Don't overlook nontechnical security issues; they're often exploited first.
~Make sure that all your testing is aboveboard.
~Treat other people's confidential information at least as well as you would treat your own.
~Bring vulnerabilities you find to the attention of management and implement the appropriate countermeasures.
~Don't treat every vulnerability discovered in the same manner. Not all weaknesses are bad. Evaluate the context of the issues found before you declare that the sky is falling.
~Show management and customers that security testing is good business. Ethical hacking is an investment to meet business goals, find what really matters, and comply with the various laws and regulations, not silly hacker games.