By Sunny Sundeep, JNTUK, University College of Engineering

Presentation on ethical hacking

DESCRIPTION

It is about Ethical Hacking

Abstract.

What is hacking and ethical hacking.

Why do we need ethical hacking.

Types of hackers.

Types of attacking.

Ethical hacking commandments.

The explosive growth of the Internet has brought many good things, such as e-commerce, banking, e-mail and cloud computing, but there is also a dark side, such as hacking, backdoors, etc. Hacking is the first big problem faced by governments, companies, and private citizens around the world. Hacking includes reading others' e-mail, stealing their credit card numbers from an online shopping site, and secretly transmitting secrets to the open Internet. An ethical hacker can help the people who suffer from such hacking. This paper describes ethical hackers, their skills, their attitudes, and how they go about helping their customers find and plug up security holes.

The state of security on the Internet is bad and becoming worse. One reaction to this state of affairs is a behavior termed "ethical hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. Ethical hackers may beta test unreleased software, stress test released software, and scan networks of computers for vulnerabilities. Previous work has emphasized ethical hacking as an altruistic behavior, but we find ethical hackers act rationally, in self-interest, to secure systems that are within their own community (sometimes for pay): networked systems are only as secure as the weakest system within perimeter defenses.

What is Hacking?

Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)

What is Ethical Hacking?

Ethical hacking is defined as the “methodology adopted by ethical hackers to discover the harmed existing in information systems’ of operating environments.”

In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the unwanted threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

Why – Ethical Hacking

[Figure: Total Number of Incidents. Source: CERT/CC]

Protection from possible External Attacks

Viruses, Trojan Horses, and Worms

Social Engineering

Automated Attacks

Accidental Breaches in Security

Denial of Service (DoS)

Organizational Attacks

Restricted Data

There are two types of hackers

White hackers

Black hackers

Web File Query

Browser Page Caching

Cookies and URLs

SQL injection

Cross Site Scripting attacks

Web File Query

A hacker tests for HTTP (80) or HTTPS (443)

Does a “View Source” on HTML file to detect directory hierarchy

Can view sensitive information left by system administrators or programmers

Database passwords in /include files

Browser Page Caching

Be aware of differences between browsers!

Pages with sensitive data should not be cached: page content is easily accessed using browser’s history

Cookies and URLs

Sensitive data in cookies and URLs

Issues that arise are:

Information is stored on a local computer (as files or in the browser’s history)

Unencrypted data can be intercepted on the network and/or logged into unprotected web log files

SQL Injection Attacks

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements.

Cross-Site Scripting (XSS) Attacks

Malicious code can secretly gather sensitive data (login, password, cookie) from a user while they are using an authentic website

Working Ethically

Trustworthiness

Misuse for personal gain

Respecting Privacy

Not Crashing the Systems
