Chapter 20. Ten Deadly Mistakes
In This Chapter
Not obtaining written approval
Assuming that you can find and fix everything
Testing only once
Having bad timing
Several deadly mistakes â when properly executed, of course â can wreak havoc on your ethical hacking outcomes and even your career. In this chapter, I discuss the potential pitfalls that you need to be keenly aware of.
Not Getting Prior Approval in Writing
Getting documented approval for your ethical hacking efforts â whether it's from upper management or from your client â is an absolute must. It's your "Get Out of Jail Free" card.
Obtain documented approval that includes the following:
Your plan, your schedule, and the systems being tested.
An authorized decision-maker's signature agreeing to the terms of your plan and agreeing not to hold you liable for malicious use or other bad things that can happen unintentionally.
Warning
No exceptions here! And make sure you get a signed copy of this document for your files.
Assuming that You Can Find All Vulnerabilities during Your Tests
So many security vulnerabilities exist â some known and just as many or more unknown â that you won't be able to find them all during your testing. Don't make any guarantees that you'll find all the security vulnerabilities in a system. You'll be starting something that you can't finish.
Stick to the following tenets:
Be realistic.
Use good tools.
Get to know your systems and practice honing your techniques.
Assuming That You Can Eliminate All Security ...
Get Hacking For Dummies®, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.