-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
31 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # Ethical Hacking | ||
| ## What is Ethical Hacking | ||
| Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. | ||
| This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them. | ||
|
|
||
| ## Who are Ethical Hacker | ||
| An Ethical Hacker is as a person who is hired and permitted by an organization to attack its systems for the purpose of identifying vulnerabilities, which an attacker might take advantage of. | ||
|
|
||
| ## What is a Vulnerability | ||
| A vulnerability is an exploitable weakness in a system or its design. Vulnerabilities can be found in protocols, operating systems, applications, hardware, and system designs. | ||
|
|
||
| ## What is a threat | ||
| A threat is any potential danger to an asset. Vulnerabilities are threat, but not every threat is a vulnerability. | ||
|
|
||
| ## What is an Exploit | ||
| An exploit is software or a sequence of commands that takes advantage of a vulnerability in order to cause harm to a system or network. | ||
|
|
||
| ## What is a Penetration Testing | ||
| A penetration test, or "pen test," is a security test that launches a mock cyberattack to find vulnerabilities in a computer system. | ||
| Penetration testers are security professionals skilled in the art of ethical hacking, which is the use of hacking tools and techniques to fix security weaknesses rather than cause harm. | ||
| Companies hire pen testers to launch simulated attacks against their apps, networks, and other assets. | ||
|
|
||
| ## PEN TESTING METHODOLOGIES | ||
| Penetration testing, is a valuable tool that your organization can use to find IT vulnerabilities and secure its network. However, it can be challenging to decide which pen testing techniques and standards to apply in your organization. | ||
| - OSSTMM = The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed pen testing methodology (Institute for Security and Open Methodologies, 2010). | ||
| - OWASP = The Open Web Application Security Project (OWASP) Foundation (2020, 2021, 2022) maintains pen testing methodologies and comprehensive guides for testing web, mobile, and firmware devices. | ||
| - NIST = The National Institute of Standards and Technology (NIST; 2022) is an agency within the U.S. Department of Commerce. NIST’s goal regarding information security standards is not to establish one specific methodology but rather to create a series of pen testing standards. | ||
| - PTES = The Penetration Testing Execution Standard (PTES; 2014) framework is a pen testing methodology that encompasses seven sections. | ||
|
|
||
| ## PENTESTING LIFECYCLE | ||
| <p align="center"><img src="https://github.com/AungZayMyo/Ethical-Hacking/assets/154745254/61e7ad3f-6f34-43a1-b3aa-d306f8db8947" width="400px" height="400px"><br> Figure (1): PENTEST LIFECYCLE</p> |