Chapter 21

Ten Deadly Mistakes

Several deadly mistakes can wreak havoc on your ethical hacking outcomes and even your career. In this chapter, I discuss the potential pitfalls to be keenly aware of.

Not Getting Prior Approval

Getting documented approval in advance, such as an e-mail, an internal memo, or a formal contract for your ethical hacking efforts — whether it’s from management or from your client — is an absolute must. It’s your Get Out of Jail Free card.

warning_bomb.eps Allow no exceptions here — especially when you’re doing work for clients: Make sure you get a signed copy of this document for your files and for your lawyer.

Assuming That You Can Find All Vulnerabilities during Your Tests

So many security vulnerabilities exist — known and unknown — that you won’t find them all during your testing. Don’t make any guarantees that you’ll find all the security vulnerabilities in a system. You’ll be starting something that you can’t finish.

tip.eps If you did well studying probability and statistics in high school or college, you may consider putting together some confidence intervals to show what you truly expect to find.

Stick to the following tenets:

check.png Be realistic.

Use good tools.

Get to know ...

Get Hacking For Dummies, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.