Several deadly mistakes — when properly executed, of course — can wreak havoc on your ethical hacking outcomes and even your career. In this chapter, I discuss the potential pitfalls to be keenly aware of.
Getting documented approval, such as an e-mail, an internal memo, or a formal contract for your ethical hacking efforts — whether it's from management or your client — is an absolute must. It's your Get Out of Jail Free card.
Obtain documented approval that includes the following:
Your plan, your schedule (including the windows during which testing may take place), and the exact systems in scope, such as host names and IP address ranges, along with anything that is explicitly off limits.
An authorized decision-maker's signature agreeing to the terms of your plan and agreeing not to hold you liable for malicious use of your work by others or for other harm, such as an outage, that can occur unintentionally during testing.
No exceptions here — especially when you're doing work for clients: Make sure you get a signed copy of this document for your files.
So many security vulnerabilities exist — known and unknown — that you won't find them all during your testing. Don't guarantee that you'll find every security vulnerability in a system; you would be promising something you can't deliver.
Stick to the following tenets:
Use good tools.
Get to know your systems and practice honing your techniques.
When it comes to computers, maintaining 100 percent, ironclad security is not attainable. ...