What is Ethical Hacking?
Ethical Hacking – Process
Why – Ethical Hacking?
Reporting
Ethical Hacking – Commandments
What is Ethical Hacking?
Also called: Attack & Penetration Testing, White-hat hacking, Red teaming.
Process of breaking into systems for:
• Personal or Commercial Gains.
• Malicious Intent – Causing severe damage to Information & Assets.
SOMEONE WHO LIKES TO TINKER WITH SOFTWARE OR ELECTRONIC SYSTEMS
WHITE-HAT HACKERS
BLACK-HAT HACKERS
GRAY-HAT HACKERS
It is Legal.
Permission is obtained from the target.
Part of an overall security program.
Identify vulnerabilities visible from the Internet at a particular point in time.
Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner.
Defacement Statistics for Indian Websites
June 01, 2004 to Dec. 31, 2014

Domains     No. of Defacements
.com        922
.gov.in     24
.org        53
.net        39
.biz        12
.co.in      48
.ac.in      13
.info       3
.nic.in     2
.edu        2
other       13
Total       1131

Source: CERT-India
Protection from possible External attacks:
• Viruses, Trojan Horses, and Worms
• Social Engineering
• Automated Attacks
• Accidental Breaches in Security
• Denial of Service (DoS)
• Organizational Attacks
• Restricted Data
Will have the same mindset & tools as hackers, but use them in a non-destructive manner.
Will have permission to enter the target network.
To find the vulnerability.
To report the vulnerability to the organization.
• Preparation.
• Foot-printing.
• Enumeration & Fingerprinting.
• Identification of Vulnerabilities.
• Attack – Exploit the Vulnerabilities.
• Clearing tracks.
Specific systems to be tested.
Risks that are involved.
When the tests are to be performed & the overall time.
Amount of knowledge of the systems.
What is to be done when a vulnerability is discovered.
Collecting as much information as possible about the target:
• DNS Servers
• IP Ranges
• Administrative Contacts
• Problems revealed by administrators
Information Sources:
o Search engines
o Forums
o Databases – whois, ripe, arin, apnic
Tools – PING, whois, Traceroute, DIG, nslookup, samspade.
Specific targets determined.
Identification of Services / open ports.
To find other hosts in the entire network.
Tools: Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner.
VULNERABILITIES:
• Insecure Configuration.
• Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic.
• Insecure Programming – SQL Injection, Listening to Traffic.
• Weak Access Control – Using the Application Logic, SQL Injection.
Application Specific Attacks
Exploiting implementations of HTTP, SMTP protocols.
Gaining access to application Databases.
SQL Injection.
Spamming
• Helps in closing the open holes in the system network.
• Provides security to banking and financial establishments.
• Prevents website defacements.
• “To catch a thief you have to think like a thief”.
• All depends upon the trustworthiness of the ethical hacker.
• Hiring professionals is expensive.