Friday, February 24, 2012

What is ETHICAL HACKING?



Introduction to ETHICAL HACKING

Hacking and ethical hacking are often subject to much misinterpretation. We've tried to deconstruct some of those myths and introduce readers to some of the basic concepts of ethical hacking.

The book itself can be divided into three parts: the Introduction, Information Security, and Hacking the web / network.

In the Introduction to this book, we have tried to give readers a clearer idea of what exactly constitutes hacking. We explore the ethical lines of hacking, and the dissonance between “ethical” as a legal binding and as a moral one. We question why the term even needs the prefix “ethical”. We also take a look at the terms Black Hat hacker and White Hat hacker and how to distinguish between them.

In our second section, on Information Security, we deal with some of the most basic devices for security and access control: passwords. In the chapter “Access Denied” we look at exactly what it takes for a password to be secure. We look at what makes a strong password strong and at some of the technical limits to cracking passwords. We also look at brute force and dictionary attacks as means of password cracking.

In the second chapter, on “Social Engineering”, we explore social engineering as the concept of using social means for finding passwords instead of purely electronic means. Here we will look at some of the popular modes of social engineering.

In the chapter “The ethical bit” we explore the ethical uses of knowing how to crack passwords. We see how knowing the processes by which passwords are hacked can help us pick better, uncrackable passwords. We look at how one can have a password which is easy to remember and strong at the same time.

In “Hashes” we look at some of the uses of hashes in information security and how they can be cracked to reveal a password. The “What the #!” chapter then deals with what exactly a hash is, how it relates to passwords and how it can be hacked. We explore all these questions along with the basic function and operation of hashes.

In “Of Rainbows and Salt” we look at hash chains and rainbow tables, which are popular means of deciphering hashes. We look at salts, which offer some protection against such means of hacking hashes.

The third section in this Fast Track could actually be looked at as two sections, on “Hacking the network” and “Hacking the web”. It is as such divided into two parts. Hacking over the network and hacking websites are some of the most common attacks. We look at what goes on behind an attack and how one can be stopped.

In the “Network hacking” part we look at hacking network infrastructure and the steps that need to be taken before a successful attack can be made. We divide the process into four steps: “Footprinting”, which is the preliminary research conducted based on freely available information; “Scanning”, which involves poking and prodding network systems for information on vulnerable systems; “Enumeration / Banner Grabbing”, where we actually connect to systems which are attackable and gather relevant system data; and “Penetration”, the final step of exploiting vulnerabilities and constructing attacks based on the information gathered in the previous steps.

In the “Web Application Hacking” part we look at ten of the most common attacks that plague the internet today. The list of attacks is as featured by “OWASP Top 10 for 2010” and we use a framework called WebGoat for studying a few of these attacks.

Over the course of this section we will cover in detail: “Injection”, “Cross-Site Scripting”, “Broken Authentication and Session Management”, “Insecure Direct Object References”, “Cross Site Request Forgery (CSRF)”, “Security Misconfiguration”, “Insecure Cryptographic Storage”, “Failure to Restrict URL Access”, “Insufficient Transport Layer Protection”, and “Unvalidated Redirects and Forwards”.

In concluding, with “Hacking… Anything” we look at how the world of hacking is not limited to only computers. We look at the advantages of hacking and how a hackable application is not always a bad thing.

This Fast Track also includes a few appendices which contain some further information relevant for those starting their hacking activities.

Please comment on how you felt about the article, along with any suggestions or anything else you want to tell or ask.

By Amrut Deshmukh


