Making the wrong choices in your security testing can wreak havoc on your work, possibly even your career. In this chapter, I discuss ten potential pitfalls to be keenly aware of when performing your security assessment work.

Not Getting Prior Approval

Getting documented approval in advance, such as an e-mail, an internal memo, or a formal contract for your ethical hacking efforts — whether it’s from management or from your client — is an absolute must. It’s your “Get Out of Jail Free” card.

Allow no exceptions here — especially when you’re doing work for clients: Make sure you get a signed copy of this document for your files to make sure you’re protected.

Assuming You Can Find All Vulnerabilities During Your Tests

So many security vulnerabilities exist — known and unknown — that you won’t find them all during your testing. Don’t make any guarantees that you’ll find all the security vulnerabilities in a system. You’ll be starting something that you can’t finish.

Stick to the following tenets:

• Be realistic.
• Use good tools.
• Get to know your systems and practice honing your techniques.

I cover each of these in various depths in Chapters 5 through 16.

Assuming You Can Eliminate All Security Vulnerabilities

When it comes to networks, computers, and applications, 100 percent, ironclad security is not attainable. You can’t possibly prevent all security ...