In the previous chapters of this series, we covered the basics of Security Testing, with introductions to Information, Mobile and Network Security. To build on these topics, it is important to understand what exactly hacking is. This will help us understand the importance of Security Testing.
- We will discuss hacking in detail to build a base for a better understanding of testing, which helps us create a secure environment with negligible data breaches in the future.
- This discussion is important because we need to test our systems, applications, servers and databases in advance to protect them from any type of outside or inside exploitation or attack.
- We also need to perform different types of attacks on the system under test while performing security tests.
There are different classes of hackers, and one of these classes is called White Hats. Before moving on to the details of the hacker classes, let's look at the definition of a vulnerability.
“A vulnerability, in information technology (IT), is a flaw in code or design that creates a potential point of security compromise for an endpoint or network. Vulnerabilities create possible attack vectors, through which an intruder could run code or access a target system’s.”
All of the above makes it clear that the motives of hackers are not good. A few such motives are listed below.
Motives of Hackers
- Data Manipulation
- Disrupting Business Continuity
- Information Theft
- Creating Fear and Chaos
- Damaging Reputation of the Target
- Ransomware / Cyber attacks
Having discussed the motives of hackers, we can look at the types of hackers, which fall under the hacker classes.
Hacker Classes
As we can see in the section above, there are many types of hackers, and they can threaten information in various ways. Before closing this chapter, let's conclude with an overall picture of Information Security threats once again. This is just a review of the last three chapters.
Information Security Threats
Regular assessment is the right approach to identifying threats.
- A vulnerability assessment is an audit of the properties and attributes of a system in control and its applications.
- Networks and communications are also part of the same assessment.
- The objective of the assessment is to evaluate the security policies currently applied.
- The assessment shows us where we stand and, if everything in the system is in order with respect to security, which more advanced methods we can apply to become more secure and resilient.
Three related terms are Security Audit, Vulnerability Assessment and Penetration Testing.
- Security Audit: As the word implies, an audit verifies and validates adherence to a set of policies and procedures as per the standards.
- Vulnerability Assessment: As the word implies, the focus is only on discovering and assessing vulnerabilities.
- Penetration Test: In the two activities above, we only validate and verify procedures on various aspects of security and discover the flaws. In a pen test, we simulate attacks and exploit the vulnerabilities.
  - This helps us identify the exact measure of a vulnerability and what the damage will be if it is exploited.
  - Under this category, Black Box, White Box and Grey Box tests are performed:
    - Black Box: No prior knowledge at all.
    - White Box: Everything needed for the testing is known before designing, creating and executing the test.
    - Grey Box: Some knowledge is available, but it is limited.
That is all for this introduction to hackers. In the next chapter, we will cover the Phases of Hacking.
Happy Reading : …. Cheers 🙂