When a penetration tester conducts a vulnerability assessment, they tend to follow these steps:
1. Planning and Reconnaissance
An ethical hacker will begin by making a plan for how to hack their target system. They will study the technology used by the business or owner and consider ways into the system. They may specifically look through search engines, web services, email systems, social networking sites and local network tech.
2. Scanning
Once the target point is identified, more active measures are used to gain insights on potential weak points in the target system. Scanning the target system provides the attacker with technical knowledge that would otherwise not be available by passive means.
3. Gaining Access
Once the hacker understands how the application, program or system runs, both while it is down and while it is functioning, they will begin to attack it using various methods such as SQL injections, scripting and finding back doors. They will exploit the vulnerabilities they detected during scanning.
Sometimes, this means they will steal or intercept traffic to the site or application. Other times, they can interfere with privileges in order to assess how much damage could be caused by a malicious hacker.
4. Maintaining Access
Once the hacker is inside the system or application, they will test to see how persistent they can be and for how long. This allows them to assess what it would take to steal sensitive information. They may also time how long they can stay within a system in order to spread a virus inside the network or to gain access to a larger level of information, such as a server.
5. Analysis
Finally, the ethical hacker will analyze the results. They will put together a report about the vulnerabilities they discovered and what they were able to access. This report will let the owner of the targeted application or system know how long it took to gain access, as well as how long they were able to remain unnoticed in the system. All of this information can be used to create a plan to fix the problems.
Now that you’re familiar with the ethical hacking definition and concepts like ethical hacking vs. penetration testing, you may decide you’d like to pursue a career in cybersecurity. The Bachelor of Science in Software Development degree program at Grand Canyon University’s College of Science, Engineering and Technology can provide you with the opportunity to explore competencies in computer programming and web technologies.