Week 11: Ethical Hacking, Being a Hacker for Good

The article I read this week was talking about Ethical hacking, which is also called by its second name white hat hacking. Ethical hacking is all about thinking like a criminal hacker, meaning you are allowed to go on the offensive, but with permission, with the goal of helping organizations. They go into the infrastructure of the organization and they find and fix security holes before the bad guys can abuse them. These professionals probe systems, networks, and even applications, and they use hacking techniques that criminal hackers use to find vulnerabilities. After which they discover these vulnerabilities, they report them back to the organization along with defenses the organization can take to improve its defense. Unlike black or grey hats, ethical hackers operate and hack a system with good intentions and that is with full consent as well. They test the system and see what places need to be improved, they don't trash it.

Source:

EC-Council. “What Is Ethical Hacking.” Cybersecurity Exchange, 9 July 2025, www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-ethical-hacking/.



Comments

Post a Comment

Popular posts from this blog

Week 1: Enhancing Security with Multi-Factor Authentication (MFA)

 Multi-Factor Authentication which is also known as MFA, is a security process that requires users to verify their identity using two or more factors. As explained by the article I read this week, OneLogin explains factors as something they know such as a password, something they have which could be a smartphone. It can also be a security token or something they are, which can be a person's face or fingerprint. The way Multi-Factor Authentication works is in layers, and since it works in such a layered approach, it makes it significantly harder for attackers to gain unauthorized access. Even if one factor is compromised by attackers, as long as the other ones hold up attackers will not have access. As cybersecurity threats continue to grow, MFA stands in front of it as a simple yet powerful counter to enhance digital protection. It is best for all if not most companies to adopt Multi-Factor Authentication, as not only is it simple to implement, but it will help companies and busine...
Read more

Week 2: Defending Against Phishing Attacks

 Phishing attacks to this day remain as a great threat in the cybersecurity world, it often exploits human vulnerabilities in order to gain unauthorized access to sensitive data. The article I read today, NCSC, outlines a comprehensive, multi layered defensive strategy that companies and corporations can implement to reduce such risks The approach discussed includes implementing anti-spoofing controls in order to prevent attackers from impersonating legitimate email addresses. While also educating users to recognize and report any suspicious email they may come across. The NCSC also recommends deploying technical measures such as filtering or blocking incoming phishing attempts. Ensuring that everyone is made aware of the necessity for incident response planning, making all the individuals in the company capable of acting quickly if any breaches are likely to occur. If the layers were to be enforced within an organization, then they would be capable of significantly enhancing their...
Read more

Week 6: How Cloud Security Keeps Our Stuff Safe

 We see, as we browse online, how everything companies and individuals do involves the cloud. That is from saving photos to running entire businesses on the cloud. The question is, how safe is the cloud really? We see many people using it, are they right to trust their apps and businesses to cloud security? To answer this question, I read an article by CrowdStrike, which talks about how cloud security is all about protecting data, apps, and servers that live on the internet instead of on your local computer. Cloud providers have strong protections that were made for users, but security will always be a shared job between the provider and the user. Leaving storage open to the public and weak access controls are something that comes from the user, and the provider cannot do much if that's how attackers access the Cloud. However, tools like encryption, multi-factor authentication, and constant monitoring all work together in order to ensure that cloud environments are secure. It goes ...
Read more