Tips for Successful Ethical Hacking
Part of the Hacking For Dummies Cheat Sheet
Whether you're performing ethical hacking against a customer's systems or your own, you must be prudent and pragmatic to succeed. These tips for ethical hacking can help you succeed as an information security professional:
Set goals and develop a plan before you get started.
Get permission to perform your tests.
Have access to the right tools for the tasks at hand.
Test at a time that's best for the business.
Keep the key players in the loop during your testing.
Understand that it's not possible to detect every security vulnerability on every system.
Study malicious hacker and rogue insider behaviors and tactics. The more you know about how the bad guys work, the better you'll be at testing your systems for security vulnerabilities.
Don't overlook nontechnical security issues; they're often exploited first.
Make sure that all your testing is aboveboard.
Treat other people's confidential information at least as well as you would treat your own.
Bring vulnerabilities you find to the attention of management and implement the appropriate countermeasures as soon as possible.
Don't treat every vulnerability discovered in the same manner. Not all weaknesses are bad. Evaluate the context of the issues found before you declare that the sky is falling.
Show management and customers that security testing is good business and you're the right professional for the job. Ethical hacking is an investment to meet business goals, find what really matters, and comply with the various laws and regulations. Ethical hacking is not about silly hacker games.