Ethical hack
From Wikipedia, the free encyclopedia
An ethical hack or penetration test is performed on enterprise applications by a third party to find vulnerabilities in the application so that they can be remediated before a new application goes live in production. It is also done on existing applications, typically on a yearly basis, to find vulnerabilities so that they can be fixed.
Introduction
Ethical hacking is essentially the act of unearthing vulnerabilities in a web-based application before it goes live, so that they can be fixed before anyone can access the application. It is carried out by IT professionals, not by hackers with darker intentions. Many companies use different third-party providers for ethical hacking services. For example, a large bank or a large internet vendor might use outside professional services to test its major applications every year, using a different firm each time. The idea is to get a different perspective, because methodologies differ from firm to firm, as do the habits of the people performing the test.
When is it done
For new web applications, the penetration test is typically done before the application is moved to production. Typically the system is deployed in a pre-production environment, where the penetration test is performed and an EH (ethical hack) report is published. This report has to be thoroughly analyzed, and all concerns have to be remediated or addressed before the system is moved to production. For existing applications, the penetration test is typically done once a year, and an EH report is produced listing the issues found and the remediation steps.
It should be noted that remediating the findings, especially in a large enterprise with thousands of applications spread across hundreds of servers, is a fairly complex and involved process.
Tools for ethical hack testing
- DeepSource - a comprehensive methodology for EH testing by Primeon
- HP Application Security Products - HP Application Security Resource Library
See also
External links
- Ethical hacking - Introduction to Ethical Hacking
- Web Application hacking - Basics of Web Application Ethical Hacking
- Vulnerability Assessment Executive Summary WebPower Application - Shows EH testing within the Framework of Application VA testing
- Ethical hacking: The other side of the fence - Discusses the process of evaluating outside firm for EH testing
- The Ethical Hack - A Framework for Business value Penetration Testing, Book by James S. Tiller