Whenever we use the term ‘ethical hacking’, different people understand it in different ways. Some think that it is bad, some think that it requires a vast amount of knowledge about computers, some think that it can be done only by young techies, and some think that it is useful to us.
Let us try to understand what ethical hacking actually is.
Ethical hacking involves finding non-conventional ways of entering a protected system, a network, or any electronic device that supports or controls other electronic or electrical devices, and informing the owner of the IT infrastructure in order to prevent any internal or external attack. In other words, an ethical hacker is usually someone employed by an organization that trusts him or her to attempt to penetrate its networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities.
To understand this properly, consider the design of an application or programme. The designer defines certain conventional methods and ways of accessing the application or programme. They may not know, or think, that the same application or programme can also be accessed in different, non-conventional ways. Hackers try to discover these non-conventional ways and enter the application or programme to take away vital data or make the application or programme malfunction.
In order to prevent this, organizations employ an ethical hacker or penetration tester whose job is to think in the same way as a real hacker and find non-conventional ways of entering the application or programme. Ethical hackers use the same tools and techniques that real hackers use. The designer learns about the vulnerabilities or flaws in the application or programme from the experiments and findings of the ethical hacker. Based on these, the designer can re-design the application or programme, or create a suitable patch, and so prevent a real hacker from exploiting the vulnerability to break in.
Ethical hacking is highly challenging, as the ethical hacker must know all the methods and technologies used by real hackers and learn each new technology as soon as it is released. He/she must also stay in constant touch with real hackers as much as possible, to understand their thinking and the emerging technologies they use to break into IT infrastructure.
Let me share a real case study with you in this context.
I was requested by a software company to do ethical hacking on a particular software application a few months back. They had invested a huge amount of money and manpower in developing this software application, which was meant to be used to prevent counterfeit medicines coming into the market. To begin with, the IT team took me through the details of the software and its architecture. During this exercise, I found that there were so many vulnerabilities like SQL injection, improper encryption of data, cross-site scripting, etc. I prepared my plan of attack, based on the OWASP framework, and informed the company that I would do my attack on so-and-so dates. It is important to inform them of the days of attack, as such attacks can bring the whole IT network down and the company needs to take precautionary measures to avoid potential loss to its business.
I cracked into the database and also made all the software-related systems and applications stop responding properly, using different techniques and tools of hacking. After completing my attack, I recorded and reported all the flaws and vulnerabilities of the particular software to the company. Based on my report, they changed the software design and implemented many security measures by which real attackers would have found it very difficult to break the security barriers. And the IT infrastructure of the company has remained un-breached.
It was quite a challenging job for me, as I had to spend a few days (and nights) continuously trying to break into the network. In the end, I was very happy that I was able to help a company which was trying to protect the market from the circulation of counterfeit medicines. As a professional, I did my work successfully and I was rewarded for my job. The same process may continue in the coming years, as the company may update their software and there will be developments in technology too. So, it’s a continuous process.
Since ethical hacking is a challenging job, the reward we get is high compared to other professions. In some countries, ethical hackers are highly paid professionals. There are a few cases of expert ethical hackers being offered senior-level jobs in Fortune 10 companies.
Authored by:
Deepak Raj Rao
Mentor – Information Security
iNurture Education Solutions
Source: www.theengineer.co.uk