Can you please provide me with the tools for ethical hacking?
I need the latest tools in ethical hacking, and I need complete information based on new technology on ethical hacking.
Posts: 8,059
Threads: 1
Joined: Mar 2014
tools for ethical hacking
What is ethical hacking?
Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the eyes of the beholder. When examining the root cause of a website hack or application exploit, it pays to follow the money. A hacker will be motivated by whomever or whatever is sponsoring his or her actions. The computer security industry coined the term “ethical hacking” to describe a hacker who benevolently attacks a network or other security system – whether private or public – on behalf of its owners. Ethical hackers are also called white hat hackers, as distinguished from the black-hatted bad guys.
One grey area in ethical hacking is hacktivism, where the hacker detects and reports (but sometimes exploits) security vulnerabilities as a form of social activism. In these cases, the motivation isn’t money, but rather to call attention to an issue or injustice the hacker believes merits social change. However, the victim of the hack may not be so receptive to this message. Ethical hacking should always be undertaken with the express advance consent of the targeted organisation – as many black hat hackers claim to be ethical hackers when caught.
Why use ethical hacking?
Why pay someone to hack into your own application or website? To expose its vulnerabilities. Any law enforcement officer will tell you that to prevent crime, you should think like a criminal. To test a security system, ethical hackers use the same methods as their malicious brethren, but report problems uncovered to their client instead of taking advantage of them. Ethical hacking is commonplace in the Federal Government, where the practice initiated in the 1970s, and many large companies today employ white hat teams within their information security practice. Other online and internet slang terms for ethical hackers include “sneakers,” red teams and tiger teams. Computer programmers can even learn ethical hacking techniques from a variety of certification authorities.
In the world of application security, online ethical hacking takes the form of penetration testing. “Pen tests” are performed in as realistic scenarios as possible to ensure that the results accurately mimic what an intruder could potentially achieve. Manual application testing employs human experts – ethical hackers – who attempt to compromise the app and report what they find. Typically, a variety of tests are performed, from simple information-gathering exercises to outright attacks that would cause damage if actualised. A full blown ethical hack might even include social engineering techniques such as emailing staff to dupe them into revealing passwords and other account details.
Veracode and ethical hacking: automated tools to expose vulnerabilities
Penetration testing exposes software coding errors and other vulnerabilities that threaten critical data, user accounts and other application functionality. Not all pen tests are performed manually, however. Ethical hackers may employ automated tools such as static analysis and dynamic analysis. Veracode performs both dynamic and static code analysis and finds security vulnerabilities such as malicious code or insufficient encryption that may lead to security breaches. Using Veracode, penetration testers and other ethical hackers can spend more time prioritising and remediating problems and less time finding them.
Ethical Hacker's Guide to Tools and Resources
Stay up-to-date with the latest and greatest ethical hacking tools and resources. Finesse your ethical hacking skills by visiting these sites for security, tools, resources, and more.
Bluetooth
BlueScanner
Bluesnarfer
BlueSniper Rifle
Blooover
Bluejacking community site
BTScanner for XP
Car Whisperer
Detailed presentation on the various Bluetooth attacks
NIST Special Publication 800-48
Smurf
Certifications
Certified Ethical Hacker
Certified Information Security Manager
Certified Information Systems Security Professional
Certified Wireless Security Professional
CompTIA Security+
SANS GIAC
Databases
Advanced Access Password Recovery
Advanced SQL Password Recovery
AppDetectivePro
Elcomsoft Distributed Password Recovery
Microsoft SQL Server Management Studio Express