Course taster

Pen testing or ethical hacking

In the interconnected world we live in, networks are a vital part of every organisation: they connect its critical assets to one another and to the outside world. Testing the resilience of these networks is important to ensure that intellectual property and customer data remain secure.

What is pen testing?

Pen (penetration) testing, or ethical hacking, is the probing and testing of a computer system or network, with the owner's consent, to locate and identify vulnerabilities and weak points that an attacker could use to gain access to the system. Organisations use pen testing to find both known and previously unknown problems before an attacker does, and so to protect user data and user privacy. On completing the assessment, the ethical hacker reports their findings to the organisation, together with advice on corrective measures that mitigate the identified weaknesses (Harris et al., 2008).

An ethical hacker is a cybersecurity engineer with specialist knowledge of information security. Using skills that match or exceed those of an attacker, they test a live system following a five-step approach: planning and reconnaissance, scanning, gaining access, maintaining access and covering tracks (Harris et al., 2008). In an authorised test each step is carried out only within the agreed scope, and the tester records every action taken, so that the organisation can verify the findings and check whether its own monitoring detected the activity.

What are the conditions needed to perform pen testing?

  1. A contract between the pen tester and the client/organisation
  2. A non-disclosure agreement to protect user and business information, as well as the methods used during the pen test
  3. A liability release, which records that the organisation understands the risks of the test (such as service disruption) and will not hold the tester liable for authorised activity

A written agreement with a defined scope, signed by both the pen tester and the client, is the legal authorisation to proceed; testing anything outside that scope is unauthorised access, whatever the intent. Before work starts, the organisation should also check whether it is under any legal obligations (for example, data-protection law) that restrict how the tester may access or handle users' personal information, and reflect those limits in the scope. The contract should contain:

  1. a statement of work (SOW) defining the scope, targets, timing and rules of engagement
  2. a non-disclosure agreement
  3. a liability release document

If you want to learn more, you can read about a real-life ethical hack of a power station.