Security Researcher
A security researcher is someone who finds security vulnerabilities, flaws, bugs and malware in software applications and reports them to the owners so that corrective action can be taken.
A security researcher has strong security skills and is an expert in how to find, fix and prevent vulnerabilities in software and operational environments.
The rise in cyber attacks and the steady appearance of new malware increase the demand for security researchers.
Difference Between Hacker, Programmer and Security Researcher

Programmer
A programmer is a skilled coder, usually with expertise in a couple of programming languages. The basic function of a programmer is to write the code for a smooth and efficient application. Both hackers and developers are programmers.

Security Researcher
A security researcher is someone who finds flaws, bugs, malware and exploits in software applications and reports them to the owners so that corrective action can be taken. Unlike a hacker, who may sell the same findings or pass them on to the wrong people, the researcher's aim is to get the problem fixed.

Hacker
A hacker is defined as a person who uses bugs or any other form of error to enter a computer system. A hacker does not make applications but alters them in order to get into the system. Hackers are called on in emergency situations and are widely known for their speed.
Necessary for Companies to Hire Hackers as Security Researchers?
• "The rationale for hiring criminal hackers is based on the thinking that 'it takes a thief to catch a thief.'"
• Many companies struggle to find qualified cyber security professionals, because many job applicants do not have the necessary experience to perform well on the job.
• The shortage of cyber security experts may make it necessary for companies to continue hiring hackers, regardless of which hat (black, white or grey) they wear, for the foreseeable future.
• If you are breached, a hacker may be able to locate the vulnerability much faster, which can help stop an ongoing attack.
• A security researcher provides a layer of defense against cyber attacks on your network. In other words, they find vulnerabilities before attackers do, giving you the opportunity to shore up your defenses before you have a problem.
• Google hired a star-studded team of hackers to fix the internet. Google also hires ethical hackers for "penetration testing", which means the hackers try to break into software made by Google so that security flaws are found and fixed before attackers find them.
• In 2011, Facebook welcomed 21-year-old George Hotz onto its development team. Hotz had been involved in a months-long court battle with Sony because he had hacked the company's PlayStation 3 platform.
Ethical Dilemmas For Security Researchers
• The most obvious is: is it ethical to break into a system without permission, even with good intentions?
• Another dilemma is: how can people responsibly inform potential victims of security vulnerabilities without also informing malicious hackers who would take advantage of them?
Responsible security professionals do not announce security flaws to the public as soon as they discover them. They inform the software vendor or system manager responsible for the software and allow time to prepare patches (corrections) or close the security holes before making a public announcement.
Application Security Vulnerability
• An application security vulnerability is "a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application."
• Once an attacker has found a flaw, or application vulnerability, and worked out how to reach it, the attacker can exploit it to facilitate a cyber crime.
Types of Security Vulnerabilities
The most common computer vulnerabilities include:
• Bugs
• Weak passwords
• Missing data encryption
• Missing authorization
• URL redirection to untrusted sites
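The last item, URL redirection to untrusted sites (an "open redirect"), is the one in this list where the fix is easy to get subtly wrong, so here is an added example that is not part of the original slides. The application host `APP_HOST`, the function names and the sample targets are assumptions made for the demonstration; the check accepts only same-site paths or https URLs to our own host and rejects the usual bypasses (scheme-relative `//host`, backslash variants, `javascript:` and userinfo-disguised hosts):

```python
from urllib.parse import urlsplit

# Hypothetical host of the application issuing the redirect (assumption).
APP_HOST = "app.example.com"

# Characters that must never appear in a redirect target: CR/LF would let
# the value break out of the Location header; tabs and NULs are stripped
# or mis-parsed by some URL parsers.
FORBIDDEN = "\r\n\t\x00"


def is_safe_redirect(target: str) -> bool:
    """Return True only when `target` keeps the user on our own site.

    Accepts relative paths such as "/account" and absolute https URLs whose
    host is exactly APP_HOST. Rejects scheme-relative URLs ("//evil.example"),
    backslash variants ("/\\evil.example", which browsers read as "//"),
    non-https schemes ("javascript:", "http:") and foreign or userinfo-
    disguised hosts ("https://app.example.com@evil.example/").
    """
    if not target or any(c in target for c in FORBIDDEN):
        return False
    # Browsers treat backslash as a forward slash; normalise first so a
    # leading-slash check cannot be bypassed with "/\\".
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme:
        # Absolute URL: only https to our own host. hostname strips any
        # userinfo ("user@") and port, so the "@evil.example" trick fails.
        return parts.scheme == "https" and parts.hostname == APP_HOST
    if parts.netloc:
        # No scheme but a network location: "//evil.example/..."
        return False
    # Plain path: must start with exactly one slash.
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Where the application should actually send the user."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample targets, as they might arrive in a ?next= parameter.
    samples = [
        "/account",
        "https://app.example.com/settings",
        "//evil.example/phish",
        "/\\evil.example",
        "https://app.example.com@evil.example/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {resolve_redirect(s)}")
```

An allowlist of exact hosts is deliberately stricter than a "starts with our domain" check, which `https://app.example.com.evil.example/` would defeat.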
• SQL Injection
SQL injection is a web application vulnerability in which attacker-supplied input is placed into a database query without keeping code and data separate, letting the attacker read, modify or corrupt database content. SQL injection is one of the most prevalent types of security vulnerabilities.
• Cross-Site Scripting (XSS)
XSS lets attackers run scripts in the victim's browser, which can hijack user sessions, deface websites or redirect the user to malicious sites.
• Privilege Escalation
Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network.
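To make the SQL injection and XSS entries concrete, here is an added example that is not from the original slides: a login check written twice, once by string concatenation and once with a parameterised query, and a page fragment rendered twice, once unescaped and once with output encoding. The table, the rows and the function names are constructed for the demonstration (assumptions); the database is an in-memory SQLite one so it runs offline.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows.

    Passwords are stored in clear text only to keep the demonstration
    short; a real system stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Injectable: user input is concatenated into the SQL text, so
    characters such as ' and -- change the grammar of the query."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised: the driver passes values separately from the SQL
    text, so the same input is compared literally and never parsed."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def render_greeting_vulnerable(name: str) -> str:
    """Reflected XSS: the name lands in the HTML unescaped."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name: str) -> str:
    """Output encoding turns <, >, &, " and ' into entities, so the
    browser displays the text instead of executing it."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    # Classic comment-out payload: closes the string and comments out the
    # password check, so the vulnerable login succeeds without a password.
    payload = "alice' --"
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))  # True
    print("safe      :", login_safe(conn, payload, "wrong"))        # False

    xss = "<script>alert(document.cookie)</script>"
    print(render_greeting_vulnerable(xss))
    print(render_greeting_safe(xss))
```

The same payload is harmless against `login_safe` because the `?` placeholders never let the input touch the SQL grammar; likewise `html.escape` is the right tool only for text placed in an HTML element or attribute, and a value inserted into a script block or a URL needs the encoding for that context instead.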
What Does a Security Researcher Do?
• Find bugs and flaws in applications
• Responsible disclosure of vulnerabilities
• Malware hunting
• Testing security controls
• Testing hardware devices and protocols (the rules for transmitting data)
• Present technical findings in an easily digestible format to the stakeholders