
How do White Hat Hackers Hack a System?

 

Who are White Hat Hackers: 

White hat hackers are security professionals who work legally to protect organizations from cyber threats.

Remember, the only difference between black hat hackers and white hat hackers is the intention behind the hack. Both hack computer systems, but white hat hackers hack to protect the organization from cyber threats, whereas black hat hackers hack illegally for their own benefit.

In the previous post, we discussed how black hat hackers hack a system. If you haven't seen it yet, I suggest you read that before reading this.
How do Black Hat Hackers Hack a System?

Now let's finally get into our topic: How do White Hat Hackers Hack a System?

Step-1: Legal Documentation

White hat hackers make sure they sign a Memorandum of Understanding (MOU), a document on legal paper that describes the testing activity and the steps that will be taken.
Along with the MOU, there is another document called the Non-Disclosure Agreement (NDA), which is signed by both parties (the white hats and the organization). The NDA is proof that the white hat hackers will not disclose any details of the activity, its cost, or the organization's vulnerabilities to third parties.
Finally, a Financial Agreement is made, which puts the cost of performing the activity on legal paper.

Step-2: Scope Assessment

White hat hackers and the client organization decide the scope of the audit and the time required for it.
For example, if the client has a website, white hat hackers discuss which part of the website is to be tested (the scope) and the time required to perform the activity.

Step-3: Information Assessment

White hat hackers gather information from the client and from various data mining tools such as Maltego.
For example, if a part of the website is to be tested, they collect information such as which server the website is running on and the alternate domain addresses for the website.

Step-4: Vulnerability Assessment

After gathering the required information in Step-3, white hat hackers use it to scan for vulnerabilities with manual and automated tools.
All the vulnerabilities found during this process are documented in a clear and precise way.

Step-5: Penetration Testing and Gaining Access

After finding the vulnerabilities, the white hat hacker implicitly performs malicious activities to check the level of system compromise, documents every detail of the activity, and writes a Proof of Concept (POC).

Step-6: Report Generation

After the penetration testing of the system is complete, a clear report is made listing the vulnerabilities found, their impact on the organization, and the measures to be taken to keep those vulnerabilities from being exploited.

Step-7: Patch Assistance

After seeing the report of vulnerabilities and their impact on the organization, the client decides which vulnerabilities should be patched and which should be left as they are, depending on the cost and effort to patch. The developer then starts patching.

Step-8: Revalidation

After the developer patches the vulnerabilities, white hat hackers revalidate the system to check whether it has been properly patched.
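To make Steps 6 to 8 concrete, here is an added example (not part of the original post) that compares the report's findings and the client's patch decisions against a retest. The finding IDs, titles, decisions and status names are constructed for illustration.

```python
# Constructed sample data: findings from the Step-6 report, each with the
# client's Step-7 decision ("patch" or "accept"), keyed by a hypothetical ID.
REPORT = {
    "F-01": {"title": "SQL injection in login form", "decision": "patch"},
    "F-02": {"title": "Outdated web server banner", "decision": "accept"},
    "F-03": {"title": "Missing session timeout", "decision": "patch"},
}
# Constructed Step-8 retest result: IDs of issues that still reproduce.
RETEST_STILL_REPRODUCES = {"F-02", "F-03", "F-04"}


def revalidate(report, still_reproduces):
    """Classify every finding after the retest.

    fixed              - scheduled for patching and no longer reproduces
    patch_failed       - scheduled for patching but still reproduces
    accepted_risk      - left unpatched by the client and still reproduces
    resolved_unplanned - left unpatched, yet no longer reproduces
    new                - reproduces in the retest but was not in the report
    """
    status = {}
    for fid, finding in report.items():
        reproduces = fid in still_reproduces
        if finding["decision"] == "patch":
            status[fid] = "patch_failed" if reproduces else "fixed"
        else:
            status[fid] = "accepted_risk" if reproduces else "resolved_unplanned"
    # Anything seen in the retest that the report never listed is a new finding.
    for fid in still_reproduces - set(report):
        status[fid] = "new"
    return status


def needs_follow_up(status):
    """Findings the tester must raise again with the client, sorted by ID."""
    return sorted(f for f, s in status.items() if s in ("patch_failed", "new"))


if __name__ == "__main__":
    result = revalidate(REPORT, RETEST_STILL_REPRODUCES)
    for fid in sorted(result):
        print(fid, result[fid])
    print("follow up:", needs_follow_up(result))
```

Keeping accepted risks separate from failed patches lets the revalidation report show only the items that contradict what the client expected.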

Now that you have read the two posts, you know the difference between black hat hackers and white hat hackers, and the procedure each follows to hack a system.
