Using ethical hacking to ensure security

Wednesday, 9 July 2003, 2:51 PM EST

Ethical hacking, also known as internal security auditing, is an effective method to determine security vulnerabilities within IT architectures.

It is usually described as a controlled simulation of an attack against network resources in order to achieve a predetermined goal. That goal might be to find specific information on a server, determine if an outsider could disrupt operations for a significant period of time, or to modify Web content.

Ethical hacking is used to determine the reliability and strength of a firm's Internet security measures. Ethical hackers employ attacks, exploits and other techniques to audit and assess networks, servers and applications.

The practice first emerged within the U.S. intelligence community and military, when "tiger teams" or ethical hackers would simulate attacks against government IT assets to determine vulnerabilities. The teams would employ the same tools and techniques as malevolent intruders, but they would not cause any harm. Instead, they would evaluate the target systems' security and report back to the various departments with the vulnerabilities they found and instructions for how to remedy them.

[ Read more ]


Why vulnerability disclosure shouldn’t be a marketing tool

Brian Honan, CEO at BH Consulting, talks about a recent vulnerability disclosure trend – a trend that he believes may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 1st