Did you know you can get paid to hack computers? Ethical hacking involves legally breaking into computers to test an organization's security defenses.
There is a gap in supply-demand for penetration testing and ethical hacking. With increased concerns for cyber security, the need for professional hackers is growing. Not only is this industry important for the future of computing, it is also a career path that pays well. The average base salary reports at $121,000 per year.
If you’re completely new to the field of ethical hacking, you’re in the right place. I'll walk you thought the different types of hackers and how to get certified as a pen tester.
Today, we'll cover:
- What is ethical hacking and penetration testing?
- What does an ethical hacker do?
- How to get certified as an ethical hacker
- What to learn next
Start your career as a pen tester.
Take your first step and learn the best practices for preventing vulnerabilities.
An ethical hacker is an expert in information security who systematically tries to penetrate a network or computer system or network to locate security vulnerabilities that a malicious hacker could misuse. This job requires a similar set of skills as a malicious hacker, such as:
- Send phishing emails
- Brute-force password attacks
- Breach perimeters
- Exploit system misconfigurations
Ethical hackers are usually hired before a new system goes live, and often times, organizations will use a bounty scheme: a financial reward is provided to ethical hackers who demonstrate evidence of a system's flaw.
Penetration testing is a specific type of ethical hacking that involves hiring a certified professional to asses the strengths of a preexisting system. Usually, pen testers are given privileged information and use it to find exploitable flaws. These tests include:
- Web application tests
- Wireless network tests
- External/internal network tests
These pen tests are typically more systematic and implemented at regular, preset times, i.e. before a major change to application is released.
Ethical hacking exists at an interesting legal gray area. Some of the laws on ethical hacking are ambiguous or don't account for all scenarios an ethical hacker faces.
The main difference between ethical and unethical hacking is consent. A hacker must be authorized to act, and an organization must have customer permission to give out confidential data.
The best way to keep parties safe is to sign a legal agreement that meets the following four conditions:
- A statement of work (SOW) is signed by both the hacker and the client. This describes the goal of the hacking and what actions the hacker is allowed to take.
- An NDA is signed to protect business information.
- Both parties have total transparency on expectations and every action taken.
- Both parties sign a liability release form to free the hacker of any responsibility of unintended outcomes.
So, we know that ethical hackers use the skills of a malicious hacker to help a company. But what about other types of hackers? Let's investigate the different types of hackers out there and learn how they differ from an ethical hacker.
Also called ethical hackers, these are the professional security specialists/analysts, and penetration testers who work with companies, industries, and computer systems to develop more robust security systems. They must understand the methodologies of malicious hackers as well as the legal frameworks in place that define current security protocols.
These are the malicious hackers who exploit weaknesses for gain. These are people we want to stop. They are hackers who look for data breaches with malicious intent, such as malware/virus distribution and malign data mining. Black hat hackers commonly commit banking fraud, extortion, blackmail, and identity theft on network users.
These hackers may not use data for ill ends, but they do use unethical means to make a system safer. Gray hat hackers understand the ins and outs of hacking and may use it for self-serving means. For example, an unauthorized hacker breaks into a website and emails the CTO about the weakness they found. No, they aren't harming anyone. But yes, they are breaking the law.
These are hackers with limited understanding of the process and may use obvious methods to hack private data and passwords. They will commonly be found on social media, particularly online forums to trap unsuspecting users.
These hackers are usually malicious towards one company or person. Hackers in this group use their skills to exploit specific people for the purpose of retaliating. A blue hat hacker may have political motivations.
These are the vigilante hackers. These hackers try to stop malicious hackers through things like viruses, initiate DoSing, or even destroy a computer from the inside out. Their excessive methods aim to shut down a black hat hacker altogether.
These are hackers who have very limited practical knowledge on hacking but learn how to infiltrate network systems. They may be seeking knowledge on different architectures and rely on prewritten code or software to infiltrate networks.
Ethical hacking represents a wide field of responsibilities. Like every field, there are multiple domains that can take years to master. For example, some ethical hackers focus on vulnerability assessment (VA) while others focus on penetration testing.
In general, the following are some of the most common responsibilities that an ethical hacker will have:
- Perform a VA and suggest repairs
- Sniff networks or bypass a wireless encryption
- Hijack web servers and web applications
- Attempt to evade IDS (Intrusion Detection systems), IPS (Intrusion Prevention systems) and firewalls
- Analyze patch installations
- Employ social engineering techniques, like phishing emails, to train employees with sensitive information
- Use port scanning tools to find open ports
- Gain entry using SSH attacks, DoS attacks, MAC address spoofing, or SQL injections
- Work with a team to test a specific product using real-world invasion (called Red Teaming)
- Cover tracks to avoid detection
- Create an in-depth report of your hacking experience
- and more
Want to learn more about the most common breaches, attacks, and vulnerabilities? Check out our Guide to Cyber Security
for an introduction.
Other than basic programming skills, there are hundreds of tools that ethical hackers use to test sites and applications. Many of the most popular tools are open source and require advanced programming skills. Let's take a look at the top tools used by ethical hackers.
Code security and analysis: Kiuwan is a common application security too used to analyze code and code security. For example, you can use this to create action plans for remedying a vulnerability.
Create custom plugins: Ettercap is a cross-platform tool for creating custom plugins. This helps with overall network security for man-in-the-middle attacks.
Port scanner: Nmap is a security and port scanner that can be used to explore networks. It is popular for detecting hosts on a network and any packet filters.
Mimic a hacker: Netsparker is ideal for ethical hackers. It mimics a hacker's move to identify SQL injections and cross-site scripting.
Vulnerability management: Acunetix can identify over 4,500 web application vulnerabilities. It is a web crawler that can integrate with other tools and platforms.
Scan a web server: Nikto can be used to scan a web server for dangerous files, version issues, and more. It can check for over 6,700 dangers.
Password cracker: The most popular password cracker is Jack the Ripper. It detects weak UNIX passwords and can perform dictionary attacks.
So, we know what an ethical hacker is, and we understand what the job entails. But how do you actually become an ethical hacker or pen tester?
Here's what you'll need at a glance:
- Expert in multiple programming languages
- Solid knowledge of computer networking and system design
- Understanding of cryptography
- Knowledge of operating systems and databases
- CEH Certification
- Mastery over hacking tools
To become an ethical hacker, you need to know multiple programming languages, understand computer networking, OS, databases, and system design concepts.
To be a white hat hacker, you need a strong grasp on networking concepts, network architecture, internet protocols, and ports.
It's important to have a solid understanding of MySQL and SQL. Start by making your own database.
Linux is the most common operating system for hacking. Most hackers use the Linux kernel. Without learning UNIX/LINUX, it is not possible to become a hacker.
Once you get the computer science basics down, you should move onto cryptography, such as encryption and decryption. These are essential processes for any hacking job. To be a good hacker, you need to deeply understand how cryptography works. You also need knowledge of cybersecurity, such as concepts like TCP/IP, proxies, and UDP protocols.
Ethical hackers use a lot of software and hardware. It's important to have knowledge of these tools. I mentioned a few above. Explore online courses and sites that allow you to explore these tools with hands-on practice or games. Some practice environments are Burp Suite, Ettercap, Wireshark, DVWA, and Linux Distro.
The main certification you'll need is the CEH (Certified Ethical Hacker). You can take online classes for this certificate, and the actual test takes around 4 hours. You usually don't need prerequisite knowledge of ethical hacking.
This is commonly compulsory for applying to an ethical hacker or pen tester position. Other, more specialized certifications are:
- CHFI — (Computer Hacking and Forensic investigator)
- OSCP — (Offensive Security Certified Professional)
- OSCE — (Offensive Security Certified Expert)
- CISM — (Certified Information Security Manager)
Once you get your CEH V9 or CEH V10, you can apply for pen tester or ethical hacker jobs. There is a wide variety of jobs out there for ethical hackers and pen testers. Take a look at a few:
- Cybercrime investigator
- Cybersecurity analyst
- Cyber Security Engineer
- IT auditor
- Information Security Manager
- and more
Congrats! You've just learned the basics of ethical hacking and penetration testing. You're ready to move onto the next step. Where you go next largely depends on what knowledge you already have.
Or, if you already know some popular languages, get started with a course on cybersecurity, like Educative's Practical Security: Simple Practices for Defending Your Systems.
If you already have some knowledge of practical security, consider learning about web application security and HTTP cookies. I recommend Educative's course Web Application Security for the Everyday Software Engineer.
No matter your experience, it's time to take that step and begin your career as an ethical hacker!