Chapter 21. Ten Deadly Mistakes
Several deadly mistakes â when properly executed, of course â can wreak havoc on your ethical hacking outcomes and even your career. In this chapter, I discuss the potential pitfalls to be keenly aware of.
Not Getting Prior Approval in Writing
Getting documented approval, such as an e-mail, an internal memo, or a formal contract for your ethical hacking efforts â whether it's from management or your client â is an absolute must. It's your Get Out of Jail Free card.
Obtain documented approval that includes the following:
Your plan, your schedule, and the systems to test.
An authorized decision-maker's signature agreeing to the terms of your plan and agreeing not to hold you liable for malicious use or other bad things that can happen unintentionally.
Warning
No exceptions here â especially when you're doing work for clients: Make sure you get a signed copy of this document for your files.
Assuming That You Can Find All Vulnerabilities during Your Tests
So many security vulnerabilities exist â known and unknown â that you won't find them all during your testing. Don't make any guarantees that you'll find all the security vulnerabilities in a system. You'll be starting something that you can't finish.
Stick to the following tenets:
Be realistic.
Use good tools.
Get to know your systems and practice honing your techniques.
Assuming That You Can Eliminate All Security Vulnerabilities
When it comes to computers, maintaining 100 percent, ironclad security ...
Get Hacking For Dummies® 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
