“Who Was That Masked Man?”: System Penetrations—Friend or Foe?
This chapter explores a range of hacking techniques that can be used for either malicious or good purposes. It focuses on the role of the penetration tester, also known as a white hat hacker or an ethical hacker. The discussion highlights the need to employ ethical hackers to expose system vulnerabilities so that they can be addressed before they are exploited by criminals or other threat actors. Because the techniques and methods used by ethical hackers are largely the same as those used by malicious hackers, there are some risks that need to be considered. Moreover, there is a need to improve the standard of professionalism amongst ethical hackers through certification, education and validation. Professionals in this area of IT assist organizations to mitigate cyber threats, not only by testing systems but also by reviewing policies, procedures and controls. Ethical hackers are thus an integral component of a mature security program.
Keywords: Penetration testing, Ethical hacking, White hat hacking, Hackers