ETHICAL HACKING AND WEB APPLICATION PENETRATION TESTING

SUBMITTED BY
SURAJ SINGH

• Introduction
• What is Ethical Hacking
• Who are Hackers
• Types of Hackers
• Process of Hacking
• Ethical Hacking – Process
• Footprinting
• Scanning
• Gaining Access
• Maintaining Access
• Why do you need Ethical Hacking

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal.

• A person who enjoys learning the details of a programming language or system.

o Hacker – The person who hacks
o Cracker – System intruder/destroyer

BLACK HAT HACKERS
Black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others.

WHITE HAT HACKERS
White hat hackers are those individuals professing hacker skills and using them for defensive purposes.

GRAY HAT HACKER
These are individuals who work both offensively and defensively at various times.

• Footprinting is the technique used for gathering information about computer systems and the entities they belong to.

• TOOLS
  • WhoIs Lookup
  • NS Lookup
  • IP Lookup

• Scanning is the procedure of identifying active hosts, ports and the services used by the target application.

• TOOLS
  • Port scanning
  • Network scanning
  • Firewalking

• The process of extracting user names, machine names, network resources, shares and services from a system.

• TOOLS
  • John the Ripper
  • Metasploit
  • Nmap

• Gaining access is the process where the hacker gains access without the owner's permission.

• TOOLS
  • Password Attacks
  • Social Engineering
  • Viruses

• A hacker may just hack the system to show it was vulnerable, or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user.

• TOOLS
  • OS Backdoors
  • Trojans

• Microsoft: skills in operation, configuration and management.
• Linux: knowledge of Linux/Unix; security setting, configuration, and services.
• Firewalls: configurations, and operation of intrusion detection systems.