Practical foundations in ethical hacking

Chapter 6: Practical foundations in ethical hacking

This chapter helps students develop a practical and professional understanding of who ethical hackers are and what they do, and of the benefits and risks of ethical hacking.

Ethical hacking is the cornerstone of security verification within organizations. This chapter helps students develop a practical and professional understanding of who ethical hackers are and what they do. It frames penetration testing as professional ethical hacking, a process involving authorized/contractual vulnerability discovery, exploitation, and mitigation.

Most vulnerabilities exploited by penetration testing fall into the following categories: misconfigurations (particularly insecure default settings), kernel flaws, buffer overflows, insufficient input validation, symbolic links, file descriptors, race conditions, and incorrect file and directory permissions (NIST SP 800-115, 2008, pp. 5-4 to 5-5).
