Hacking basics

Posted: October 5, 2012 in Application Security

What is ethical hacking?

Ethical hacking is also called penetration testing or intrusion testing. It is the process of finding vulnerabilities or loopholes, breaking into IT systems and applications, and retrieving information that is considered confidential.

Who are ethical hackers and hackers?

In general, ethical hacking is performed by ethical hackers, also known as white hat hackers. An ethical hacker is a skilled computer expert hired by a company to use his programming skills to attack its networks and computer systems the same way a hacker would. An ethical hacker uses the same techniques and tricks as those used by illegal hackers, or black hat hackers.
So the only difference between white hat hackers and black hat hackers is that white hats hack systems legally, to protect their networks and systems from black hats or to increase their safety, whereas black hats do it illegally to access confidential data.

Different kinds of attacks on web applications

According to the Open Web Application Security Project (OWASP), the top 10 vulnerabilities in web applications are:

  •  SQL Injection (SQLI)
  •  Cross Site Scripting (XSS)
  •  Authentication and Session Management
  •  Insecure Direct Object References
  •  Cross Site Request Forgery (CSRF)
  •  Security Misconfiguration
  •  Insecure Cryptographic Storage
  •  Failure to Restrict URL Access
  •  Insufficient Transport Layer Protection
  •  Unvalidated Redirects and Forwards

To learn more about OWASP: http://en.wikipedia.org/wiki/OWASP

