Amanda Fawcett for Educative

Posted on • Originally published at educative.io

What is ethical hacking and penetration testing? Get paid to hack

Did you know you can get paid to hack computers? Ethical hacking involves legally breaking into computers to test an organization's security defenses.

Demand for penetration testers and ethical hackers exceeds supply. With increased concerns about cybersecurity, the need for professional hackers is growing. Not only is this industry important for the future of computing, it is also a career path that pays well. The reported average base salary is $121,000 per year.

If you’re completely new to the field of ethical hacking, you’re in the right place. I'll walk you through the different types of hackers and how to get certified as a pen tester.


What is ethical hacking and penetration testing?

An ethical hacker is an expert in information security who systematically tries to penetrate a computer system or network to locate security vulnerabilities that a malicious hacker could misuse. This job requires a skill set similar to a malicious hacker's, such as:

  • Sending phishing emails
  • Brute-forcing passwords
  • Breaching perimeters
  • Exploiting system misconfigurations

Ethical hackers are usually hired before a new system goes live, and oftentimes organizations will use a bounty scheme: a financial reward is provided to ethical hackers who demonstrate evidence of a system's flaw.

Penetration testing is a specific type of ethical hacking that involves hiring a certified professional to assess the strengths of a preexisting system. Usually, pen testers are given privileged information and use it to find exploitable flaws. These tests include:

  • Web application tests
  • Wireless network tests
  • External/internal network tests

These pen tests are typically more systematic and are run at regular, preset times, for example before a major change to an application is released.

Is ethical hacking legal?

Ethical hacking exists in an interesting legal gray area. Some of the laws on ethical hacking are ambiguous or don't account for all the scenarios an ethical hacker faces.

The main difference between ethical and unethical hacking is consent. A hacker must be authorized to act, and an organization must have customer permission to give out confidential data.

The best way to keep parties safe is to sign a legal agreement that meets the following four conditions:

  1. A statement of work (SOW) is signed by both the hacker and the client. This describes the goal of the hacking and what actions the hacker is allowed to take.
  2. An NDA is signed to protect business information.
  3. Both parties have total transparency on expectations and every action taken.
  4. Both parties sign a liability release form to free the hacker of any responsibility for unintended outcomes.

Types of hackers and terminology

So, we know that ethical hackers use the skills of a malicious hacker to help a company. But what about other types of hackers? Let's investigate the different types of hackers out there and learn how they differ from an ethical hacker.


White hat hackers

Also called ethical hackers, these are the professional security specialists, analysts, and penetration testers who work with companies, industries, and computer systems to develop more robust security systems. They must understand the methodologies of malicious hackers as well as the legal frameworks in place that define current security protocols.

Black hat hackers

These are the malicious hackers who exploit weaknesses for gain. These are people we want to stop. They are hackers who look for data breaches with malicious intent, such as malware/virus distribution and malign data mining. Black hat hackers commonly commit banking fraud, extortion, blackmail, and identity theft on network users.

Gray hat hackers

These hackers may not use data for ill ends, but they do use unethical means to make a system safer. Gray hat hackers understand the ins and outs of hacking and may use it for self-serving means. For example, an unauthorized hacker breaks into a website and emails the CTO about the weakness they found. No, they aren't harming anyone. But yes, they are breaking the law.

Green hat hackers

These are hackers with limited understanding of the process who may use obvious methods to hack private data and passwords. They are commonly found on social media, particularly online forums, where they try to trap unsuspecting users.

Blue hat hackers

These hackers are usually malicious towards one company or person. Hackers in this group use their skills to exploit specific people for the purpose of retaliating. A blue hat hacker may have political motivations.

Red hat hackers

These are the vigilante hackers. They try to stop malicious hackers by deploying viruses, initiating DoS attacks, or even destroying a computer from the inside out. Their excessive methods aim to shut down a black hat hacker altogether.

Script kiddies

These are hackers who have very limited practical knowledge on hacking but learn how to infiltrate network systems. They may be seeking knowledge on different architectures and rely on prewritten code or software to infiltrate networks.

What does an ethical hacker do?

Ethical hacking represents a wide field of responsibilities. Like every field, there are multiple domains that can take years to master. For example, some ethical hackers focus on vulnerability assessment (VA) while others focus on penetration testing.

In general, the following are some of the most common responsibilities that an ethical hacker will have:

  • Perform a VA and suggest repairs
  • Sniff networks or bypass a wireless encryption
  • Hijack web servers and web applications
  • Attempt to evade IDS (intrusion detection systems), IPS (intrusion prevention systems), and firewalls
  • Analyze patch installations
  • Employ social engineering techniques, like phishing emails, to train employees who have access to sensitive information
  • Use port scanning tools to find open ports
  • Gain entry using SSH attacks, DoS attacks, MAC address spoofing, or SQL injections
  • Work with a team to test a specific product using real-world invasion (called Red Teaming)
  • Cover tracks to avoid detection
  • Create an in-depth report of your hacking experience
  • and more

Want to learn more about the most common breaches, attacks, and vulnerabilities? Check out our Guide to Cyber Security for an introduction.

What tools does an ethical hacker use?

Other than basic programming skills, there are hundreds of tools that ethical hackers use to test sites and applications. Many of the most popular tools are open source and require advanced programming skills. Let's take a look at the top tools used by ethical hackers.

  • Programming languages: As an ethical hacker, it's important to know multiple languages. The most popular for hacking are HTML, Java, JavaScript, Python, PHP, SQL, C/C++, and Ruby.

  • Code security and analysis: Kiuwan is a common application security tool used to analyze code and code security. For example, you can use this to create action plans for remedying a vulnerability.

  • Create custom plugins: Ettercap is a cross-platform tool for creating custom plugins. This helps with overall network security for man-in-the-middle attacks.

  • Port scanner: Nmap is a security and port scanner that can be used to explore networks. It is popular for detecting hosts on a network and any packet filters.

  • Mimic a hacker: Netsparker is ideal for ethical hackers. It mimics a hacker's move to identify SQL injections and cross-site scripting.

  • Vulnerability management: Acunetix can identify over 4,500 web application vulnerabilities. It is a web crawler that can integrate with other tools and platforms.

  • Scan a web server: Nikto can be used to scan a web server for dangerous files, version issues, and more. It can check for over 6,700 dangers.

  • Password cracker: The most popular password cracker is John the Ripper. It detects weak UNIX passwords and can perform dictionary attacks.

How to get certified as an ethical hacker

So, we know what an ethical hacker is, and we understand what the job entails. But how do you actually become an ethical hacker or pen tester?

Here's what you'll need at a glance:

  • Expert in multiple programming languages
  • Solid knowledge of computer networking and system design
  • UNIX/Linux
  • Understanding of cryptography
  • Knowledge of operating systems and databases
  • CEH Certification
  • Mastery over hacking tools

Step 1: Basic knowledge

To become an ethical hacker, you need to know multiple programming languages and understand computer networking, operating systems, databases, and system design concepts.

To be a white hat hacker, you need a strong grasp on networking concepts, network architecture, internet protocols, and ports.

It's important to have a solid understanding of MySQL and SQL. Start by making your own database.

Linux is the most common operating system for hacking. Most hackers use the Linux kernel. Without learning UNIX/Linux, it is not possible to become a hacker.

Step 2: Learn cryptography and cybersecurity

Once you get the computer science basics down, you should move on to cryptography, such as encryption and decryption. These are essential processes for any hacking job. To be a good hacker, you need to deeply understand how cryptography works. You also need knowledge of cybersecurity concepts like TCP/IP, proxies, and UDP protocols.

Step 3: Start using hacking tools

Ethical hackers use a lot of software and hardware. It's important to have knowledge of these tools. I mentioned a few above. Explore online courses and sites that allow you to explore these tools with hands-on practice or games. Some practice environments are Burp Suite, Ettercap, Wireshark, DVWA, and Linux Distro.

Step 4: Get your CEH Certification

The main certification you'll need is the CEH (Certified Ethical Hacker). You can take online classes for this certificate, and the actual test takes around 4 hours. You usually don't need prerequisite knowledge of ethical hacking.

This certification is commonly required when applying for an ethical hacker or pen tester position. Other, more specialized certifications are:

  • CHFI (Computer Hacking and Forensic Investigator)
  • OSCP (Offensive Security Certified Professional)
  • OSCE (Offensive Security Certified Expert)
  • CISM (Certified Information Security Manager)

Step 5: Apply to jobs

Once you get your CEH V9 or CEH V10, you can apply for pen tester or ethical hacker jobs. There is a wide variety of jobs out there for ethical hackers and pen testers. Take a look at a few:

  • Cybercrime investigator
  • Cybersecurity analyst
  • Cybersecurity engineer
  • IT auditor
  • Information security manager
  • and more

What to learn next

Congrats! You've just learned the basics of ethical hacking and penetration testing. You're ready to move on to the next step. Where you go next largely depends on what knowledge you already have.

If you are new to programming, I recommend learning a programming language like Python, HTML, JavaScript, or Java. Educative's blog has many free beginner guides to most of these languages. Take a look to get started.

Or, if you already know some popular languages, get started with a course on cybersecurity, like Educative's Practical Security: Simple Practices for Defending Your Systems.

If you already have some knowledge of practical security, consider learning about web application security and HTTP cookies. I recommend Educative's course Web Application Security for the Everyday Software Engineer.

No matter your experience, it's time to take that step and begin your career as an ethical hacker!

Happy learning!


Top comments (2)

samuleduke

I've read your blog post and it's been very informative! I recommend to concern penetration testing company for the best penetration testing.
