Practical foundations in ethical hacking
Chapter 6: Practical foundations in ethical hacking
This chapter helps students develop a practical and professional understanding of who ethical hackers are, what they do, and the benefits and risks of ethical hacking.
Ethical hacking is a cornerstone of security verification within organizations. This chapter helps students develop a practical and professional understanding of who ethical hackers are and what they do, and it frames penetration testing as professional ethical hacking: a process of authorized, contractually scoped vulnerability discovery, exploitation, and mitigation.
Most vulnerabilities exploited during penetration testing fall into the following categories: misconfigurations (particularly insecure default settings), kernel flaws, buffer overflows, insufficient input validation, symbolic links, file descriptors, race conditions, and incorrect file and directory permissions (NIST SP 800-115, 2008, pp. 5-4 to 5-5).
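Three of those categories (symbolic links, race conditions, and incorrect file permissions) often appear together in one bug: a program checks a path and then opens it, so an attacker who controls the directory can swap in a symlink between the check and the use. The example below is added here to illustrate that pattern; it is not code from the chapter or from NIST SP 800-115. It contrasts a naive check-then-open routine with a hardened one that opens first (refusing to follow a symlink in the final path component) and then inspects the resulting descriptor, and it builds a constructed scenario in a temporary directory so the behaviour can be observed on a POSIX system. The function names and the temporary-directory layout are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive pattern: stat() the path, then open() it. Both calls follow symlinks,
   and the file the path names can change between the two calls (TOCTOU). */
int open_checked_toctou(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;      /* check ... */
    if (!S_ISREG(st.st_mode)) return -1;
    return open(path, O_RDONLY);               /* ... then use: race window here */
}

/* Hardened pattern: open first with O_NOFOLLOW so a symlink as the last path
   component is refused (ELOOP on Linux), then fstat() the descriptor we actually
   hold. Also refuse world-writable files, a common incorrect-permission finding. */
int open_checked_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || (st.st_mode & S_IWOTH)) {
        close(fd);
        return -1;
    }
    return fd;   /* caller owns the descriptor */
}

/* Constructed scenario (hypothetical, not from the page): a regular 0600 file,
   a symlink pointing at it, and a world-writable file, all in a fresh temp dir.
   Returns 0 when the hardened opener accepts only the plain regular file and the
   naive opener follows the symlink; any other outcome returns a nonzero code. */
int demo_symlink_scenario(void) {
    char dir[] = "/tmp/ehdemoXXXXXX";
    if (mkdtemp(dir) == NULL) return 1;
    char reg[PATH_MAX], lnk[PATH_MAX], ww[PATH_MAX];
    snprintf(reg, sizeof reg, "%s/regular.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/link.txt", dir);
    snprintf(ww,  sizeof ww,  "%s/world_writable.txt", dir);

    int rc = 0, fd;
    fd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rc = 2; goto out; }
    (void)write(fd, "secret\n", 7);
    close(fd);
    if (symlink(reg, lnk) != 0) { rc = 3; goto out; }
    fd = open(ww, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0) { rc = 4; goto out; }
    close(fd);
    chmod(ww, 0666);                     /* umask may have stripped o+w; force it */

    fd = open_checked_safe(reg);         /* 1: plain regular file is accepted */
    if (fd < 0) { rc = 10; goto out; }
    close(fd);
    if (open_checked_safe(lnk) != -1) { rc = 11; goto out; }   /* 2: symlink refused */
    fd = open_checked_toctou(lnk);       /* 3: naive version follows the symlink */
    if (fd < 0) { rc = 12; goto out; }
    close(fd);
    if (open_checked_safe(ww) != -1) { rc = 13; goto out; }    /* 4: o+w refused */
out:
    unlink(lnk); unlink(reg); unlink(ww); rmdir(dir);
    return rc;
}

int main(void) {
    int rc = demo_symlink_scenario();
    printf("scenario result: %d (%s)\n", rc, rc == 0 ? "hardened opener behaved as expected" : "unexpected");
    return rc;
}
```

The hardened version still does not defend against a symlink in an intermediate directory component; closing that gap needs an `openat()`-based walk from a trusted directory descriptor, which is the natural next step when auditing code that handles paths under attacker-influenced directories such as `/tmp`.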
The professional ethics of ethical hackers are defined by legal compliance, contractual obligations, moral responsibility, and adherence to industry standards. Unlike grey-hat or black-hat hackers, ethical hackers must navigate a complex ethical and legal landscape to preserve their professional and reputational standing. By following established frameworks and maintaining public trust, they play a crucial role in defending digital systems against malicious threats.