Ethical Hacking

Hansika Herath — Sun, 30 May 2021 04:54:34 +0000

🔘What is ethical hacking?

Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization’s defenses. It involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Thus, unlike malicious hacking, this process is planned, approved, and more importantly, legal.

Ethical hackers improve the security posture of an organization. Ethical hackers use the same tools, tricks, and techniques that malicious hackers used, but with the permission of the authorized person. The purpose of ethical hacking is to improve the security and to defend the systems from attacks by malicious users.

Ethical hackers are often referred to as white-hat hackers. Ethical hackers learn and perform hacking in a professional manner and they are hired by organizations to look into the vulnerabilities of their systems and networks and develop solutions to prevent data breaches.
Types of ethical hacking

We can define hacking into different categories, based on what is being hacked:
· Web application hacking
· Social engineering
· System hacking
· Hacking wireless networks
· Web server hacking

🔘The process of ethical hacking

There is a six-step process that is usually performed by ethical hackers in ethical hacking.

▪ Reconnaissance
It is the principal stage. Here the white-hat hacker attempts to gather information about the objective. It incorporates Identifying the Target, discovering the objective’s IP Address Range, DNS records, Network, and so on.

▪ Scanning
In the stage of scanning, the hacker starts to effectively test an objective machine or organization for weaknesses that can be abused.

▪ Gaining Access
In this stage, the hacker plans the outline of the organization of the objective and concludes that they have a few alternatives to access the organization.

▪ Maintaining Access
In this stage, the hacker has effectively gotten entrance into a framework and introduces a few secondary passages to go into the framework when he needs access in this possessed framework in the future.

▪ Clearing Track
In this stage, hackers clear their track. This step ensures that the attackers leave no clues or evidence behind that could be traced back.

▪ Reporting
In this last stage of the process, the ethical hacker create a report on the findings like weaknesses found in the system and the work that was done.

🔘There are some limitations of ethical hacking=>

💫Limited scope. Ethical hackers cannot progress beyond a defined scope to make an attack successful. However, it’s not unreasonable to discuss out of scope attack potential with the organization.

💫Resource constraints. Malicious hackers don’t have time constraints that ethical hackers often face. Computing power and budget are additional constraints of ethical hackers.

💫Restricted methods. Some organizations ask experts to avoid test cases that lead the servers to crash (e.g., Denial of Service (DoS) attacks).

🔘Benefits of ethical hacking

▪ Implementing a secure computer network that prevents security breaches.
▪ Discovering vulnerabilities from an attacker’s point of view, so that weak points can be fixed.
▪ Helps in taking preventive actions against hackers.
▪ Helps in building a system which prevents any kinds of penetration by hackers.
▪ Gaining the trust of customers and investors by ensuring the security of their products and data.

Thank you very much for reading. Hope you get an idea about Ethical hacking.

SDLC Methods and Their Advantages & Disadvantages.

Hansika Herath — Fri, 20 Nov 2020 07:37:34 +0000

What is SDLC?

SDLC Stands for Software Development Life Cycle. SDLC is a process used by the software industry to design, develop, and maintain the quality of software. This framework defining tasks containing 6 steps. The SDLC aims to produce high-quality software that reaches customer expectations, with completion within times and lower cost.

The following shows a graphical representation of the stages of SDLC.

Let's look at SDLS Methodologies

⚫Waterfall Model

This is a linear sequential flow. Progress is seen as flowing steadily downwards (like a waterfall) through the phases of software implementation. This means any phase in the development process begins only if the previous phase is complete. The waterfall approach is most widely known that was used for software development.

⚫V-Shaped Model

Mainly V-shaped model planning the early test. In this model, Software requirements clearly defined and known.
Software development technologies and tools are also well-known.

⚫Prototyping Model

This method is to create prototypes of software applications which can occur in software development and It used to visualize some component of the software to limit the gap of misunderstanding the customer requirements. It has some types, such as:
Throwaway prototyping
Evolutionary prototyping
Incremental prototyping
Extreme prototyping

⚫Spiral Model

The spiral model is used for large, expensive, and complicated projects. This model uses many of the same phases as the waterfall model shown in the figure.

⚫Iterative and Incremental Model

This model starts with initial planning and ends with deployment with the cyclic interactions in between. Basically, this method is to develop a system through repeated cycles (iterative) and in smaller portions at a time (incremental), From that software developers can take advantage of what was learned during the development earlier.

⚫Agile Model

This is based on iterative and incremental development. It can be used with any type of project. Also, we can use it when the customer needs to have some functional requirements and the requirements are not clear enough.

DEV Community: Hansika Herath

Ethical Hacking

SDLC Methods and Their Advantages & Disadvantages.