Introduction

An Ethical Hacker is a technology expert; typically employed by an organization to assess the security system of the organization in order to discover vulnerabilities that can be exploited. Ethical hackers may use the same methods as the black hat hackers, but report the problems instead of taking advantage of them.

This course on Ethical Hacking for Beginners goes deep down into the depths of networking, systems, web applications and actual exploitation and helps beginners to take their confident first step towards information security field. This course is designed to give the participants the real world exposure in information security by hands on experience in tools and techniques.

Why should you attend this course?

One of the greatest highlights of this course is that it is built by experts who do penetration testing on a regular basis. Since it is built by practitioners in the field, it is regularly updated with the latest tools, techniques, and real-world scenarios.

The lab setup for the course will give beginners a very good practical hands on experience of ethical hacking rather than just plain theory explanation. The participants will get to break into vulnerable applications and systems that have been set up to create levels of challenges and sharpen their skills.

Who should attend this course?

Anyone looking to build a career in information security is most welcome to join the course. If you’re already in this field, but want to learn the professional concepts of hacking, then this is the course for you. Instead of burdening you with a huge amount of courseware, this course provides a systematic practical approach towards learning and helps to take your confident first step towards ethical hacking; focusing on the real-world practical tools and techniques of hacking.

A Professional Ethical Hacker SHOULD:

• Obtain prior written approval from senior management before testing the security of organization
• STRICTLY work within the project scope boundaries as defined in the engagement letter
• Carry out responsible disclosure; means whatever weaknesses are discovered during the penetration testing, they are dutifully informed to senior management and technical team
• Carry out security scans ONLY during scheduled time (usually during non-peak business hours). They should NEVER be done before or after.
• Point out potential security risks that may impact business operations. They must be rated properly on severity levels
• Put forward the recommendations to address those potential security risks
• Respect the individual’s or company’s privacy and only go looking for security issues.
• Report all security vulnerabilities responsibly you detect to the company, not leaving anything open for you or someone else to come in at a later time.
• Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware if not already known by the company.
• Dynamically update the knowledge and encourage transferring the same to the peers to build a secured environment

A Professional Ethical Hacker SHOULD NOT:

• Proceed with security testing until prior written approval is obtained from senior management
• Exceed project scope boundaries as defined in engagement letter
• Carry out direct testing on production data for any service or application
• Carry out exploitation on discovered vulnerabilities until he/she gets explicit approval from the senior management
• Take advantage of discovered vulnerabilities for any personal profit or competitive gain
• Disclose any sensitive corporate design or information to anyone if that is found during testing. The same should be reported to senior management at the earlies
• Report any vague/ incorrect findings to senior management or to the technical team. The findings must not stand ambiguous in context.
• Report any finding(s) without “sufficient” and necessary proof(s)
• Make any vague / incorrect recommendation(s) to address potential security risks.