In general, hacking is the process of intruding into information without the user's knowledge. Hacking can be divided into two major categories:
- Ethical/legal hacking
- Non-ethical/illegal hacking
Ethical hacking is performed by expert hackers who analyze and attack an organization's security system to see whether confidential data can be cracked and taken advantage of. Hackers in general get information from a particular source in order to take advantage of it. Unlike other hackers, legal hackers get permission from the authority to test the security system. This kind of hacking has been in the field for a long while and has gained much attention due to the increasing use of computer resources and internet technology. For example, an organization that runs an e-commerce site and holds confidential data such as credit card numbers, addresses and so on will fear losing its security to crackers. Because of this increased fear, such organizations approach ethical hackers, who check for possible vulnerabilities, report them to the authority, and recommend what has to be done to build a safety firewall.
Major operations of legal hackers
- They have legal permission to intrude into the software system or database.
- They only check the organization's security system for ways to intrude into it.
- They are trained in running vulnerability assessments to check for loopholes in the software.
- They assess the degree of weakness in the software that would let cyber criminals in.
- This vulnerability test has to be repeated for every update of the software to prevent unauthorized access to information.
This is just the external view of their work. In technical terms, they test the following:
- Web application
- SQL server
- E-mail (All types)
- Terminal service
- Remote connection
The main testing concerns password access. The security of passwords is checked using various types of encryption methods.
Their hacking methodology involves five different phases:
- Gaining access
- Maintaining access
- Covering tracks
This field serves to enlighten customers as well as organizations about information security, mainly in the developing e-commerce world.