Indometric


Jun 01
Monday
Hacking

Ethical Hacking versus Malicious Hacking


Ask any developer if he has ever hacked. Ask yourself if you have ever been a hacker. The answers will probably be yes. We have all hacked, at one time or another, for one reason or another. Administrators hack to find shortcuts around configuration obstacles. Security professionals attempt to wiggle their way into an application/database through unintentional (or even intentional) backdoors; they may even attempt to bring systems down in various ways. Security professionals hack into networks and applications because they are asked to; they are asked to find any weakness that they can and then report it to their employers. They are performing ethical hacking in which they have agreed to report all findings back to the employer, and they may have signed nondisclosure agreements to verify that they will NOT disclose this information to anyone else. But you don’t have to be a hired security professional to perform ethical hacking. Ethical hacking occurs anytime you are “testing the limits” of the code you have written or the code that has been written by a co-worker. Ethical hacking is done in an attempt to prevent malicious attacks from being successful.

Malicious hacking, on the other hand, is completed with no intention of disclosing weaknesses that have been learned and are exploitable. Malicious hackers are more likely to exploit a weakness than they are to report the weakness to the necessary people, thus avoiding having a patch/fix made for the weakness. Their intrusions could lead to theft, a DDoS attack, defacing of a Web site, or any of the other attack forms that are listed throughout this chapter. Simply put, malicious hacking is done with the intent to cause harm. Somewhere in between the definition of an ethical hacker and a malicious hacker lies the argument of legal issues concerning any form of hacking. Is it ever truly okay for someone to scan your ports or poke around in some manner in search of an exploitable weakness? Whether the intent is to report the findings or to exploit them, if a company hasn’t explicitly requested attempts at an intrusion, then the “help” is unwelcome.

Working with Security Professionals

The latest trend in protection against an attack by an unsolicited hacker is to have a security professional on staff. This practice is sometimes referred to as “hiring a hacker,” and to management, it may seem to be a drastic defense against potential attacks. It is a perfectly logical and intelligent solution to an ever-growing problem in Web application development. Security professionals may be brought on as full-time employees, but oftentimes they are contracted to perform security audits, return results to the appropriate personnel, and make suggestions for improving the current security situation. In larger organizations, a security expert is more likely to be hired as a full-time employee, remaining on staff within the IT department.

A security professional is familiar with the methods used by hackers to attack both networks and Web applications. A security professional must not only be able to see where an attack may present itself, but must also be able to help in the development of a security plan. Whether that means introducing security-focused code reviews to the development process, having the developers learn the strategies most often employed by hackers, or even simply tightening up existing holes within applications, the end result will ultimately be better security. Of course, along with this proactive choice comes a security risk. How can you be sure that the tools you place in this employee’s hands will be used properly, and that the results of their investigations will be handled properly?



 


All content and source © 2010 Indometric. All rights reserved. See our Privacy Policy and DMCA Information