Chapter 21
Ten Deadly Mistakes
Several deadly mistakes can wreak havoc on your ethical hacking outcomes and even your career. In this chapter, I discuss the potential pitfalls to be keenly aware of.
Not Getting Prior Approval
Getting documented approval in advance, such as an e-mail, an internal memo, or a formal contract for your ethical hacking efforts — whether it’s from management or from your client — is an absolute must. It’s your Get Out of Jail Free card.
Allow no exceptions here — especially when you’re doing work for clients: Make sure you get a signed copy of this document for your files and for your lawyer.
Assuming That You Can Find All Vulnerabilities during Your Tests
So many security vulnerabilities exist — known and unknown — that you won’t find them all during your testing. Don’t make any guarantees that you’ll find all the security vulnerabilities in a system. You’ll be starting something that you can’t finish.
If you did well studying probability and statistics in high school or college, you may consider putting together some confidence intervals to show what you truly expect to find.
Stick to the following tenets:
Be realistic.
Use good tools.
Get to know ...
Get Hacking For Dummies, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
