Dineshchandgr - A Top writer in Technology


CyberSecurity, Ethical Hacking, and Penetration Testing — Everything you need to know

Hello everyone. Wish you all a Happy 2024. In this article, we are going to see what CyberSecurity is and the different types of Cyber Attacks. We will then look at Hacking and its different types. Later we will dive into Ethical Hacking and VAPT (Vulnerability Assessment and Penetration Testing). We will look into various techniques used in Penetration Testing like DAST, SAST, etc. We will conclude the article by looking at the differences between Ethical Hacking and Penetration Testing. Let's get started.

Image Source: https://www.techopedia.com/wp-content/uploads/2023/02/dreamstime_m_123641233-1.jpg

What is CyberSecurity?

Image Source: https://media.licdn.com/dms/image/D5612AQE0r5WC8r0HQg/article-cover_image-shrink_720_1280/0/1657711469335?e=2147483647&v=beta&t=y46kqfqImgi-IbshBGRs3lMz1HCTBvL8RjFAILShitg

Cyber Security is the practice of safeguarding computer systems, networks, and data from unauthorized persons or bots to ensure the reliability and security of digital systems. It comprises various Technologies, Tools, Controls, and Processes to prevent systems, networks, programs, devices, and data from Cyber Attacks done by Cyber Criminals or Hackers.

CIA Triad

The CIA triad is a common model that forms the basis for the development of security systems.

Image Source: https://media.licdn.com/dms/image/D5612AQE0XhZvyDdeeQ/article-cover_image-shrink_600_2000/0/1675657882603?e=2147483647&v=beta&t=nQVJ3EBswHUKneHUsCqZGrDAJiH8Gc1w81_tYEAgDZg
  1. Confidentiality: To ensure that sensitive information is always protected from unauthorized access.
  2. Integrity: To ensure that information is accurate, trustworthy, and not corrupted.
  3. Availability: To ensure that the network/system is always available to users and everything is maintained safely.

Types of CyberAttacks

There are various types of Cyber Attacks and some of the common ones are listed below. Even though new types of attacks are increasing, the old types of attacks like DDoS and Ransomware are still used by hackers to exploit the systems.

Image Source: https://assets-global.website-files.com/5ff66329429d880392f6cba2/622b1df712adfa4ebff027a5_types%20of%20cyber%20attack.jpg

With the advent of IoT devices and their increased usage, IoT-based attacks are now increasing.

Types of CyberSecurity

To mitigate the risk of different types of Cyber Attacks, there are different types of Cyber Security, as follows. Cyber Security is not just about protecting an application or a network but about protecting the entire digital landscape: Endpoints, Cloud, IoT, Application, Network, and also the information.

Image Source: https://eduinput.com/wp-content/uploads/2023/03/image-of-types-of-cyber-security.jpg

What is Hacking?

The act of compromising digital landscapes through unauthorized access is generally referred to as Hacking. Hacking is not always malicious, but it is strongly associated with Cyber Crime, and the persons who hack the systems are called Hackers or Cyber Criminals.

Image Source: https://dicc.in/blog/wp-content/uploads/2021/08/types-of-hackers-min.jpg

There are 3 types of Hackers, as shown above:

Black Hat: They are the illegal hackers / Cyber Criminals who have bad intentions to hack the systems by making use of existing Cyber Attacks or by introducing a new type of attack.

White Hat: White hat hackers are cyber security experts who have been given permission or certification to hack the systems. By doing so, they explore the vulnerabilities in the system and are of good help to governments and organizations.

Grey Hat: They are a mix of both Black and White Hat hackers. They might find vulnerabilities in the system without the permission of the organization, and some organizations would disregard the Grey Hat hackers as they are not bound by Ethical Hacking policies. However, they do not have malicious intent like Black Hat Hackers.

What is Ethical Hacking?

Image Source: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSP4pa9sPo-yjGu7aKxMRWmma0SaOH9BmzVAEtdNZSO8Q&s

Ethical Hacking, also called White Hat Hacking, involves authorized personnel who are experts in Cyber Security. They will understand the entire digital landscape of the organization and attempt to simulate cyber attacks on systems, applications, networks, etc. They use various techniques, tools, and methodologies to protect the system from potential attacks.

VAPT — Vulnerability Assessment and Penetration Testing

Security Testing is one of the major roles and responsibilities of an Ethical Hacker in organizations. Though there are many types of Security Testing, the most commonly and widely used testing mechanism is VAPT which stands for Vulnerability Assessment and Penetration Testing. It is a technique to protect an organization against external and internal threats by identifying security threats using various tools and techniques.

Stages in Penetration Testing

Image Source: https://successive.cloud/wp-content/uploads/2022/09/penetration-testing-stages-768x403.png
  1. Planning and Reconnaissance: The first stage of the Pen Test involves identifying goals and the scope. It also includes understanding the system and collecting data to understand the vulnerabilities.
  2. Scanning: This step works on identifying the vulnerabilities of the systems in two ways, namely DAST and SAST, which we will take a look at in the next section.
  3. Gaining Access: This step uses web application attacks, such as cross-site scripting (XSS) and SQL injection, to exercise the vulnerabilities found and assess the damage they could cause.
  4. Maintaining Access: To replicate real-world scenarios, Penetration Testers will try to maintain the system access for a long time using some backdoor entries and see how a hacker can exploit it. Persistent threats stay in the system for months and this step works to overcome such situations.
  5. Analysis: A report has to be prepared and provided to the security team, and it includes specific vulnerabilities, sensitive data access, access duration, and a few recommendations. Based on the reported issues, follow-up action will be taken to protect the system.

Penetration Testing is generally recommended whenever there is a new application added or if the infrastructure is modified.

Scanning in Penetration Testing — DAST and SAST

We came across DAST and SAST in Stage 3. Now let's look at them in detail.

DAST — Dynamic Application Security Testing

Dynamic analysis examines the application’s code in a running state to get a real-time perspective, and various tools are used to perform the Dynamic scan. DAST is also called Black Box testing as there is no visibility on the source code for the Penetration Tester. Some common tools used for DAST are listed below.

Image Source: https://www.appsecsanta.com/wp-content/uploads/2021/12/DAST-tools2-1-767x493.png

Advantages of DAST

  • Real World Simulation
  • Comprehensive Coverage
  • Effective for Web Applications
  • External Perspective of a Hacker

SAST — Static Application Security Testing

Static Analysis involves identifying the vulnerabilities in the source code. SAST is performed within the Software Development Life Cycle (SDLC), and hence the vulnerabilities can be identified even before the application is released. It is also called White Box testing as there is visibility on the source code for the Penetration Tester. There are various tools to perform Static Code Analysis, as follows.

Image Source: https://expertinsights.com/insights/wp-content/uploads/2023/09/The-Top-10-Static-Application-Security-Testing-SAST-Tools-.001.png

Advantages of SAST

  • Early detection of vulnerability
  • Complete Code Analysis
  • Integration into SDLC
  • Reduced False Positives when compared to Dynamic Testing

Comparison between Ethical Hacking and Penetration Testing

Having seen Ethical Hacking and Penetration Testing in detail, the following table will give a clear idea of the differences between them.

Summary

In this article, we looked at CyberSecurity and different types of Cyber attacks. We then looked at Hacking and its different types. Later we did a deep dive into Ethical Hacking and VAPT (Vulnerability Assessment and Penetration Testing). We then looked into various techniques used in Penetration Testing like DAST, SAST, etc. We concluded the article by looking at the differences between Ethical Hacking and Penetration Testing.

Hope you liked this article and thanks for reading this!!!

If you would like to get more updates from me, please follow me on Medium and subscribe to the email alerts.