Ethical hacking (or penetration testing) is the exploitation of an IT system with the permission of its owner to determine its vulnerabilities and weak points. It is an effective way of testing and validating an organisation’s cyber security position. The results of ethical hacking are typically used to recommend preventive and corrective countermeasures that mitigate the risk of a cyber attack.
Protecting systems and networks requires a broad understanding of attack strategies and in-depth knowledge of criminal hackers’ tactics, tools and motivations. Effective ethical hacking is based on knowledge of the system network, equipment, user interaction, policies, procedures, physical security and business culture. The rise of social engineering attacks demands that every tester is also aware of the organisation and habits of its IT users (staff).