
Ethical Hacking and Computer Securities For Beginners


Academic year: 2019



Contents

Foreword
About the Author
Chapter 1 : What is Ethical Hacking?
Chapter 2 : Finding Information
    2.2 WHOIS
        Access information at www.internic.net/whois.html
        Access information at www.whois.net
        Installing and Accessing Information from SAM...
    2.3 Nslookup
    2.4 ARIN
    2.5 Neo Trace
    2.6 VisualRoute
Chapter 3 : Identifying Weakness
    3.2 NMAP
    3.3 NetScan
    3.4 Webcruiser
    3.5 GFI LanGuard
    3.6 What is Wireshark and Ethereal?
Chapter 4 : Performing Attacks
    4.2 Denial of Service
    4.3 Password Cracking
    4.4 Perform Phishing Attacks
    4.7 Buffer Overflow
Chapter 5 : Ethical Hackers Important Tasks
    5.1 Incident Forms

Foreword

This book is written based on practical usage of and research on computer and network security. Basically everyone has a strong concern about computer and network security, since a breach can sabotage the business and its operations. It will be worse if the entire business runs on a website or through a web hosting company.

This book covers a practical approach to software tools for ethical hacking. Some of the techniques and tools covered are SQL injection, password cracking, port scanning, packet sniffing and so on. Performing ethical hacking requires certain steps and procedures to be followed properly. A good ethical hacker will find information, identify weaknesses and finally perform some attacks on the target machine. Then the most crucial part is to produce a good security audit report for the clients to understand the condition of their computer network.

This book also explains and demonstrates step by step most of the


About The Author

Mr Elaiya Iswera Lallan has been in the IT industry for the past 12 years. He is the Managing Director of Blue Micro Solutions, which is based in SIRIM Bhd (a government agency).

Mr Lallan has extensive experience in the IT industry. He has received an award as a Federal Territory Entrepreneur. After obtaining his Bachelor Degree in Computers and Electronics Engineering from Kolej Bandar Utama (twinning program with University of Nottingham) in 2001, he joined the company MIR as an Information Technology Consultant.

He was performing computer programming tasks, and then joined a new company called Neural Manufacturing Sdn Bhd as a software engineer. He had his best experiences here when he was creating software


2010. With this, Mr Lallan moved Blue Micro Solutions' operations into the SIRIM building. He obtained certification from the Ministry of Finance in Malaysia in the software field, allowing him to participate in tenders for government IT projects. He also started employing staff to do IT projects and ventured into IT training in private corporations, government institutions and polytechnics, such as SKALI Bhd, Kolej Komuniti in Klang, Politeknik Ungku Omar in Ipoh and Politeknik Kuching in Sarawak. He has made Blue Micro Solutions a certified Human Resource Development Fund (HRDF) training provider to companies in Malaysia. With his proven track record in both the industrial and education worlds of IT, Mr Lallan has recently been awarded a collaboration with Open University Malaysia (OUM) to offer an affordable IT degree program to the public. Currently Mr Lallan is pursuing MSC status for his company Blue Micro Solutions.

With his company Blue Micro Solutions growing in the right direction, Mr Lallan began to explore opportunities to grow his business overseas as well. Venturing into Canada, he successfully opened a branch called Blue Micro Canada Incorporated. He also successfully registered the company with the Canadian government in Toronto, whereby he received invitations to participate in government tenders for IT projects. He also saw the


1.0 What is Ethical Hacking?

Ethical hacking is the act of performing security testing on IT infrastructure with proper authorization from a company or organization. A person performing ethical hacking is known as an ethical hacker or computer security expert. An ethical hacker will use the latest hacking tools and social engineering techniques to identify vulnerabilities in the IT infrastructure.

Overall, ethical hacking provides a risk assessment of the security of a company's or organization's IT infrastructure and information systems. This risk assessment shows the extent to which the security could be exploited by a hacker.

On the other hand, a hacker is a person who breaks into IT infrastructure or computer networks without any authorization. Hackers mostly hack for profit or are motivated by the challenge. Such exploitation can cause financial loss, legal impact and loss of trust towards the organization.

1.1 Why is IT Security so Important?

Nowadays all companies and organizations use and depend on IT infrastructure, computer networks and computer systems to operate their core businesses. Most companies store their client information in database systems on a server. A good hacker will easily break into the customer database if weak passwords are used on the server.

This will definitely cause heavy financial losses to the company. Mostly these hacking incidents are not reported in the media in detail because it would spoil the company's reputation.


Most attacks are carried out via email these days. A good example would be the LoveLetter worm attacks during the year 2000. Millions of computers were attacked and the worm made changes to the users' systems. The LoveLetter worm was received as an email attachment.

IT security is crucial to organizations and individual computer users. Individual computer users must make sure they have installed the latest antivirus and antispyware on their computers, whereas companies must ensure they have engaged a computer security expert or consultant to look into their computer network security issues.

1.2 Ethical Hacking Procedures and Strategies

The first step in performing ethical hacking is to understand a hacker's process. There are basically 5 main steps in the hacking process:

Step 1 : Gaining targeted information
Step 2 : Probing vulnerabilities for exploitation
Step 3 : Gaining access to the targeted system
Step 4 : Maintaining access on the targeted system
Step 5 : Covering the tracks on the targeted system

The targeted system mostly refers to the machine to be hacked. It can be a server, a computer or any electronic device. The hacker will perform the 5 steps above to gain control, steal information or stop the machine's services. Each step above may take a few months to achieve the desired goal.


2.0 Finding Information

In this process, the hacker gathers as much information as possible about the target system before launching an attack. This allows the hacker to learn about and strategize his or her attacks on the system. Basically there are 2 ways of gaining information:

1. Passive methods of gaining information on the targeted system

2. Active methods of gaining information on the targeted system

Passive methods involve acquiring information without direct interaction with the targeted system. A few of the passive methods are acquiring publicly available information, social engineering and dumpster diving.

Dumpster diving is the process of looking through an organization's trash for discarded information. Social engineering is another process: making friends with or smooth-talking staff in the organization so that they reveal server passwords, security codes and so on.

Active methods, on the other hand, use tools to detect open ports, the type of operating system installed on the target system and the purpose of the applications and services available on the targeted system.

Social engineering is the most deadly and effective way of gaining information on a targeted system. Former employees who dislike the company management are a potential threat for social engineering.

2.1 Software Tools for Gaining Targeted Information


1. WHOIS

2. Nslookup

3. ARIN

4. Neo Trace

5. VisualRoute Trace


2.2 WHOIS

WHOIS is a query and response protocol for querying databases that store the registered users or assignees of an Internet resource. Information that can be acquired includes the domain name, IP address block, autonomous system and so on. The WHOIS protocol stores and provides database content in a human-readable format.

The websites and software tools providing WHOIS information are:

1. http://internic.net/whois.html

2. http://www.whois.net


Access information at www.internic.net/whois.html

Just type www.internic.net/whois.html into your internet browser.

Type the desired domain name and choose whether it is .com, .edu, .biz, .org etc.


Access information at www.whois.net

Just type www.whois.net into your internet browser.

Type the desired domain name and choose whether it is .com, .edu, .biz, .org etc.


Installing and Accessing Information from SAM SPADE 1.14

Double click on the file name spade114 to install the software.

Just click ‘Next’ until the installation is completed.

Type the desired domain name as highlighted below.


Overall, the WHOIS tools will display the hosting company that registered the domain name. They will also display the creation date, the expiration date and the name servers of the domain name. These are the key pieces of information provided by a WHOIS tool:

1. Hosting company that registered the domain
2. Creation date of the domain
3. Expiration date of the domain
4. Name servers hosting the domain
5. Hosting company hosting the website
6. Administrative contact details


2.3 Nslookup


2.4 ARIN

ARIN (American Registry for Internet Numbers) was founded in 1997. It is a non-profit organization that registers and administers IP numbers for North America, some regions of the Caribbean and sub-Saharan Africa. ARIN is one of four regional Internet registries. ARIN also provides services for the technical coordination and management of Internet numbers.

Just type http://whois.arin.net into the internet browser.


Click on the arrow button next to the search box highlighted above and the results will be shown as below. Select either of the 2 entries highlighted below.


2.5 Neo Trace

NeoTrace is an investigative tool which traces the network path across the Internet from the host system to a target system. The software provides good information about the registration details of the owner of each computer and network for every node IP that is registered. It provides a world map displaying the locations of the nodes on the route.

Double click on the file name NeoTraceProTrial325 to perform the installation.

Once the installation is completed, the NeoTrace screen will pop up as shown below.

Just type the desired domain name in the highlighted area below. In this case, www.google.com is typed into the highlighted text box.


Select the ‘Node View’ option in the highlighted area.


2.6 VisualRoute

VisualRoute is a tool that integrates traceroute, ping and WHOIS into one interface that investigates Internet connections to identify whether there is a slowdown in the network.

Moreover, VisualRoute can display the geographical location of IP addresses on a global map. VisualRoute provides key information to help identify Internet abusers and network intruders.

Just click on the file name vrc to perform the VisualRoute software installation.

It is required to install the Java runtime first before installing the VisualRoute software. Just proceed with the Java runtime installation until it is completed.

Click the 'Install Now' button to continue the VisualRoute installation until it completes successfully.


3.0 Identifying Weakness

During the probing process, network scanners, sniffers and port scanners are actively used to identify vulnerabilities on the targeted system. This gives the hacker time and an advantage in finding an important and strong means of penetrating the target system.

For example, a hacker can identify that a server has a particular database application installed that stores customers' passwords, by using port scanners to probe the port. When the port scanner has revealed the database's vulnerability, the hacker has a high chance of using SQL injection on the database application.

SQL injection is unverified user input which has convinced the application into running an SQL statement. When this type of SQL statement is executed, the hacker has a high chance of obtaining customers' passwords from the database application.

In the scenario above:

Probed information : the type of database installed
Vulnerability : SQL injection
Exploitation : high chance of obtaining customers' passwords

The diagram for the scenario above is illustrated on the following page.

Therefore once the hacker has probed the vulnerabilities of the targeted system, they have a high chance of exploiting the system. The types of exploitation will be explained in the following chapter. Exploitation is carried out by performing attacks on the computer systems.

3.1 Software Tools to Probe Networks

If you ever think that an existing network is fully protected from any attack, it is best to humble yourself and test-run the tools proposed below to audit the computer network. These tools may even provide suggestions to fix network security issues.

Tools illustrated: Port Scanning, Ethereal.

A good computer security auditor will follow the steps below to probe any computer network:

3.2 NMAP

NMAP is a network scanner that is able to detect operating systems, discover hosts, detect host services and so on. Typically NMAP runs from the command prompt and the end user needs to execute nmap commands to probe networks.

The website to download and install NMAP is http://nmap.org. A simple NMAP command is demonstrated below:

The results above show that NMAP has detected all the services available on the host scanme.nmap.org, which are smtp, domain, gopher, http, auth, ajp13 and elite. It has identified the host as running Linux 2.6.

Important NMAP commands

The NMAP commands below are provided for various network situations to be probed. Basically the end user needs to have some basic knowledge of computer networks before using the NMAP commands.

1: Scan a single host or an IP address (IPv4)

2: Scan multiple IP addresses or a subnet (IPv4)

nmap 192.168.1.1 192.168.1.2 192.168.1.3

## works with same subnet i.e. 192.168.1.0/24
nmap 192.168.1.1,2,3

You can scan a range of IP addresses too:

nmap 192.168.1.1-20

You can scan a range of IP addresses using a wildcard:

nmap 192.168.1.*

Finally, you can scan an entire subnet:

nmap 192.168.1.0/24

3: Read list of hosts/networks from a file (IPv4)

The -iL option allows you to read the list of target systems from a text file. This is useful for scanning a large number of hosts/networks. Create a text file as follows:

cat > /tmp/test.txt

The syntax is:

nmap -iL /tmp/test.txt

4: Excluding hosts/networks (IPv4)

When scanning a large number of hosts/networks you can exclude hosts from a scan:

nmap 192.168.1.0/24 --exclude 192.168.1.5

nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

Or exclude a list from a file called /tmp/exclude.txt:

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt

5: Turn on OS and version detection scanning script (IPv4)

nmap -A 192.168.1.254

6: Find out if a host/network is protected by a firewall

nmap -sA 192.168.1.254
nmap -sA server1.cyberciti.biz

7: Scan a host when protected by the firewall

nmap -PN 192.168.1.1
nmap -PN server1.cyberciti.biz

8: Scan an IPv6 host/address

The -6 option enables IPv6 scanning. The syntax is:

nmap -6 IPv6-Address-Here
nmap -6 server1.cyberciti.biz
nmap -6 2607:f0d0:1002:51::4
nmap -v -A -6 2607:f0d0:1002:51::4

9: Scan a network and find out which servers and devices are up and running

This is known as host discovery or ping scan:

nmap -sP 192.168.1.0/24

10: How do I perform a fast scan?

nmap -F 192.168.1.1

11: Display the reason a port is in a particular state

nmap --reason 192.168.1.1
nmap --reason server1.cyberciti.biz

12: Only show open (or possibly open) ports

nmap --open 192.168.1.1
nmap --open server1.cyberciti.biz

13: Show all packets sent and received

nmap --packet-trace 192.168.1.1


14: Show host interfaces and routes

This is useful for debugging (output similar to the ip, route or netstat commands, produced by nmap):

nmap --iflist

15: How do I scan specific ports?

nmap -p [port] hostName

## Combine all options ##

nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1

nmap -p U:53,111,137,T:21-25,80,139,8080 server1.cyberciti.biz
nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254

## Scan all ports with * wildcard ##

nmap -p "*" 192.168.1.1

## Scan top ports i.e. scan $number most common ports ##

nmap --top-ports 5 192.168.1.1
nmap --top-ports 10 192.168.1.1

16: The fastest way to scan all your devices/computers for open ports ever

nmap -T5 192.168.1.0/24

17: How do I detect remote operating system?

You can identify a remote host apps and OS using the -O option:


3.3 NetScan

If anyone is looking for a network scanner toolkit application, it would be NetScan, which comes with a bundle of important network tools to audit the network. The website to download the tool is

http://www.netscantools.com/

The network tools bundle is as below:

1. DNS Tools - Simple: simple IP/hostname resolution, Who Am I? (shows your computer name, IP and DNSs)
2. Ping
3. Graphical Ping
4. Traceroute
5. Ping Scanner
6. Whois

Sample NetScan results for DNS scanning mode:


3.4 Webcruiser

The earlier tools only detect network security at the surface level: port scanning, DNS records, host services, IP addresses and OS versions. These types of scanning and information are not enough to ensure the security of a computer network, whereas software tools like Webcruiser scan more information about the network security of the host applications.

Basically this software tool performs the network exploitation at an early stage and then provides the vulnerability information. The following page shows an example of the exploitation process and vulnerability results from Webcruiser:


A perfect tool for auditing SQL injection would be the Webcruiser tool. A good hacker will get access to all the table records in a database by simply supplying 105 or 1=1 in the SQL statement. Below is a basic example of an SQL statement that can cause SQL injection.

SELECT * FROM Users WHERE UserId = 105 or 1=1

Basically the injected SQL commands can alter SQL statements and compromise or exploit the security of a web application. The Webcruiser tool can simply execute the SQL injection testing activities without the need to construct any SQL statements.

The above screenshot demonstrates the SQL injection activities performed by Webcruiser. Overall Webcruiser can perform the following types of SQL injection:

1. Post SQL Injection
2. Cookie SQL Injection
3. Cross Site SQL Injection
4. XPath Injection

Quick simple steps below to use Webcruiser tool


Now change the value of username to admin' and '1'='2

If there is a different response, then the application has an SQL injection vulnerability.

3.4.1 Explanation from Other Websites

What is SQL Injection?


commands into an SQL statement, via web page input.

Injected SQL commands can alter SQL statements and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True

Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id.

If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:

UserId: 105 or 1=1

Server Result:

SELECT * FROM Users WHERE UserId = 105 or 1=1

The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true.

Does the example above seem dangerous? What if the Users table contains names and passwords?

The SQL statement above is much the same as this:

SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1

From http://www.w3schools.com
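Added example (not from the book): two C routines that build the Users query from the web input discussed in the Webcruiser section and the w3schools excerpt above. The vulnerable builder pastes the input in as-is, so 105 or 1=1 matches every row; the hardened one accepts only a strictly numeric UserId, which also rejects the admin' and '1'='2 probe. Function names and the sample inputs are constructed for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern from the book's example: the raw web input is pasted
   straight into the statement, so a value of "105 or 1=1" becomes part of the
   WHERE clause and the resulting query matches every row in Users. */
int build_user_query_unsafe(const char *user_id, char *out, size_t cap) {
    int n = snprintf(out, cap, "SELECT * FROM Users WHERE UserId = %s", user_id);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Parse the input as a strictly numeric id: digits only, no leading sign or
   whitespace, no trailing text, non-negative and in range. Returns 0 and
   stores the value, or -1 when the input is anything other than a plain
   number, which is what every injection probe ("105 or 1=1",
   "admin' and '1'='2") looks like to this check. */
int parse_user_id(const char *input, long *id_out) {
    if (input == NULL || !isdigit((unsigned char)input[0])) return -1;
    char *end = NULL;
    errno = 0;
    long v = strtol(input, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < 0) return -1;
    *id_out = v;
    return 0;
}

/* Hardened builder: only a validated integer ever reaches the statement.
   In production code the value would additionally be bound as a parameter of
   a prepared statement instead of being formatted into the string; the strict
   parse is the check that the numeric-id example on this page calls for. */
int build_user_query_checked(const char *user_id, char *out, size_t cap) {
    long id;
    if (parse_user_id(user_id, &id) != 0) return -1;
    int n = snprintf(out, cap, "SELECT * FROM Users WHERE UserId = %ld", id);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Helpers that make the two builders easy to compare on the same input. */
typedef int (*query_builder)(const char *, char *, size_t);

int query_equals(query_builder build, const char *input, const char *expected) {
    char q[128];
    if (build(input, q, sizeof q) != 0) return 0;
    return strcmp(q, expected) == 0;
}

int builder_rejects(query_builder build, const char *input) {
    char q[128];
    return build(input, q, sizeof q) == -1;
}

int main(void) {
    /* Constructed inputs: a normal id, the book's "105 or 1=1" and the
       Webcruiser differential probe from the section above. */
    const char *inputs[] = { "105", "105 or 1=1", "admin' and '1'='2" };
    char q[128];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("input: %s\n", inputs[i]);
        build_user_query_unsafe(inputs[i], q, sizeof q);
        printf("  unsafe : %s\n", q);
        if (build_user_query_checked(inputs[i], q, sizeof q) == 0)
            printf("  checked: %s\n", q);
        else
            printf("  checked: rejected (not a numeric UserId)\n");
    }
    return 0;
}
```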

What is Cross Site Scripting?


without validating or encoding it.


3.5 GFI LanGuard

In a corporate environment there will be a few hundred computers connected in a network, and it is very difficult for the IT department and administrators to maintain the security updates and patches for the organization. This is where the GFI LanGuard tool comes into the picture, to apply the patches and updates across the network environment.

Basically GFI LanGuard will scan for network vulnerabilities, security compliance and much more, and finally apply the security updates and patches. The following page shows the scanning results from GFI LanGuard.


3.6 What is Wireshark and Ethereal?

Most of us would have heard of the term sniffing or packet sniffer. When someone is sniffing the network, he or she is basically analyzing all the packet movements in the network. Wireshark and Ethereal are well known packet analyzer software tools. Overall Wireshark and Ethereal perform and provide information as below:

1. Troubleshooting network issues and locating bottlenecks
2. Network intrusion detection
3. Logging network traffic for forensic analysis
4. Discovering a DoS (denial-of-service) attack

A hacker will use the tools to obtain the information below:

1. Capturing usernames and passwords
2. OS fingerprinting
3. Capturing sensitive or proprietary information
4. Network mapping

Simple Steps to Filter DHCP Traffic with Wireshark

Wireshark can be downloaded at https://www.wireshark.org. Below is a screenshot of Wireshark capturing all the packets in the network.

Filter only DHCP packets by typing the following in the display filter: bootp.option.type == 53 (in Wireshark 3.0 and later the BOOTP dissector was renamed to DHCP, so the equivalent filter is dhcp.option.type == 53).


4.0 Performing Attacks

Gaining access is the most dangerous phase in the hacking process. Basically the hackers will initiate attacks on the computer systems. There are several types of attacks that can be performed by the hacker:

1. Buffer overflow
2. Denial of service
3. Session hijacking
4. SQL Injection
5. Trojans
6. Password Cracking
7. Worms and Viruses

There are many types of attacks, but the items above are the most common tactics used by hackers.

A buffer overflow happens when data is written to a buffer with insufficient bounds checking and eventually corrupts the data values in memory addresses next to the allocated buffer. Mostly this happens when string characters are copied from one buffer to another.

A denial-of-service attack (DoS attack) is an attempt to make a computer resource or service completely unavailable to its users. A DoS attack continuously sends data packets to the computer system until the system is exhausted and unable to provide the configured service to the users.

Session hijacking is the exploitation of a valid computer session, also known as a session key. Such sessions allow hackers to gain unauthorized access to particular information or services in a computer system. Mostly it refers to the hacker acquiring the unique cookie used to authenticate or validate a user to a remote server.

Password cracking is the process of recovering passwords that have been stored on or transmitted by a computer. Usually password cracking tools repeatedly try to guess the password. The purposes of password cracking are to help a user recover a forgotten password, to gain unauthorized access to a system, and to give system administrators a preventive measure for checking password strength.

A computer worm or virus replicates itself through computer networks by sending copies of itself to other computers on the network. The main difference between a virus and a worm is that a worm does not need to attach itself to an existing program. Worms will cause some harm to the computer network by at least consuming bandwidth, while a virus will corrupt or modify files on a targeted computer.

Overall the attacks described above can cause serious harm to computer networks and architecture. Basically these attacks will take control of the computer systems in the organization.

4.1 Good Software Tools to Attack a Computer or Network

The software tools suggested are for educational and testing purposes. A proper testing environment should be established before using the software tools to attack a network. Below are some of the software tools that can be used to perform attacks over the network.

Denial of Service
1) Colasoft Packet Builder

Password Cracking
2) Cain and Abel
3) L0phtCrack

Web Copier Tools to Perform Phishing Attacks
5) Webcopier

Buffer Overflow
7) C/C++ Programming examples of Buffer Overflow

4.2 Colasoft Packet Builder

A simple denial of service attack would be typing a ping at the command prompt, which sends Internet Control Message Protocol (ICMP) Echo Request messages to the destination computer and waits for a response. However, this alone would definitely not be enough to initiate a DoS attack.

Colasoft Packet Builder is handy enough to initiate a DoS attack over a network. Colasoft Packet Builder provides an interface for the end user to craft a custom network packet.

The end user is able to craft the following types of packets: Ethernet packet, ARP packet, IP packet, TCP packet and UDP packet, and can change the parameters in the decoder editor, hexadecimal editor or ASCII editor as shown below.

Existing network packets can be obtained from Colasoft Capsa, Wireshark, Ethereal and so on to simplify the packet crafting work by adding and

4.3 Cain and Abel

One of the most interesting tools to explore would be Cain and Abel. This software tool can crack almost any type of encryption protection. The Cain and Abel tool is always useful for password recovery tasks.

The most popular encryptions are :

MD4 hashes

Let us take an example of cracking an MD5 hash using the Cain and Abel software tool to reveal the actual information. Normally MD5 data can be obtained from MySQL databases, where it is used to conceal user passwords.

Step 1: Click on the Cracker Tab


Step 3 : Right click on the blank sheet and select the "add to list" option.

Step 4 : A pop-up box will appear; copy and paste the hash code into that box and hit the OK button. For instance, let us take this hash code c3ea886e7d47f5c49a7d092fadf0c03b

Step 5 : Right click on the hash code and select the method. Select Brute Force Attack.


When the MD5 hash has been successfully cracked, the results will be shown as below.

4.4 L0phtCrack

L0phtCrack is mainly used for cracking Windows user account passwords. Normally for Windows XP, the user account information is stored at this location: c:\windows\system32\config\sam. The SAM (Security Accounts Manager) is the database of Windows user accounts.


For beginners it is better to use brute force attack to crack the passwords.

What is a Brute Force Attack?

In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier.

From wikipedia.org

What is a Dictionary Attack?

An attempt to gain illicit access to a computer system by using a very large set of words to generate potential passwords.


4.5 Webcopier

Webcopier is a fantastic tool to copy any website offline and store the website files on a laptop. Webcopier even copies websites with JavaScript and supports proxy servers and HTTP authorization. The copied website files can be used for phishing activities to perform an attack.

All the files copied can be hosted on another web hosting server with a similar domain name. End users will not be able to recognize the domain name quickly but will recognize the website design immediately. Eventually the end user will provide particulars like username, password, credit card details and so on. Finally the attacker can exploit the end user with these details on the actual websites or domains.

What is Phishing?

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public.

From wikipedia.org

Webcopier also allows you to browse the website files as shown above and preview the HTML content.

4.6 HTTrack

Another software tool that performs like Webcopier is HTTrack. This tool is absolutely free and is GPL licensed. HTTrack has more features than Webcopier and is able to handle websites with huge files. It also allows you to control the amount and type of website files to be downloaded.


Basic concept to use HTTrack:

1. Choose your project to organize the downloads
2. Drag and drop several websites for downloading
3. Precisely choose the options for downloading
4. For example, filters are a powerful way to select or refuse particular links.

4.7 Buffer Overflow

Buffer overflow is a common programming mistake in software applications. Therefore proper auditing should be performed on any software application in an organization. Before explaining buffer overflow in detail, the concept of a buffer overflow should be defined properly.

A buffer is memory allocated to contain anything from a character string to an array of integers. A buffer overflow occurs when more data is written into a fixed-length buffer than the buffer is able to handle. When the buffer is not able to hold the data supplied, the adjacent memory space is overwritten and corrupted. This can lead to a situation where the system crashes.

C/C++ applications are frequent targets of buffer overflow attacks, as C/C++ has no built-in mechanism to check for buffer overflows. C/C++ developers should avoid standard library functions that perform no bounds checks, such as scanf and strcpy.

Below is sample C/C++ code for buffer overflow exploitation.

#include <stdio.h>


{

When the end user runs the program from the previous page, the end user receives the expected results below.

This time the end user runs the program entering a wrong password, and the program has responded "wrong password" but has still given the user root privileges.
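Added example (not the book's own program, whose listing is missing above): the password-check pattern the text describes, written in C with the unsafe strcpy() version beside a bounded one that rejects over-long input instead of copying it, plus an fgets()-based line reader to replace gets(). The password value and function names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define PASS_MAX 15                     /* fixed buffer size, in the style of the book's example */
#define EXPECTED_PASSWORD "letmein123"  /* constructed demo value, not from the book */

/* The pattern the text describes: strcpy() into a fixed buffer with no length
   check, and an 'authorised' flag living right next to it on the stack. Input
   longer than the buffer runs past its end, so the program can print "wrong
   password" and still hand out root. Kept here for contrast only. */
int check_password_unsafe(const char *input) {
    int authorised = 0;
    char buf[PASS_MAX + 1];
    strcpy(buf, input);                  /* no bounds check */
    if (strcmp(buf, EXPECTED_PASSWORD) == 0) authorised = 1;
    return authorised;
}

/* Hardened check: the length is verified before anything is copied, so no
   input can reach past the buffer. Returns 1 when authorised, 0 for a wrong
   password and -1 when the input is rejected as over-long; that last case is
   worth logging, since it is what an overflow attempt looks like. */
int check_password_bounded(const char *input) {
    if (input == NULL) return -1;
    size_t len = strlen(input);
    if (len > PASS_MAX) return -1;
    char buf[PASS_MAX + 1];
    memcpy(buf, input, len + 1);         /* copies the NUL too; len + 1 <= sizeof buf */
    return strcmp(buf, EXPECTED_PASSWORD) == 0 ? 1 : 0;
}

/* fgets() replacement for gets(): reads one line into a fixed buffer and
   reports, rather than silently truncating, when the line did not fit.
   Returns the number of characters stored, or -1 for an over-long line
   (the rest of that line is drained so it cannot spill into the next read). */
int read_line_bounded(char *dst, size_t cap, FILE *in) {
    if (cap < 2 || fgets(dst, (int)cap, in) == NULL) return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';
        return (int)len;
    }
    if (len == cap - 1) {                /* buffer filled with no newline: too long */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') { }
        return -1;
    }
    return (int)len;                     /* last line of input without a newline */
}

int main(void) {
    char line[PASS_MAX + 2];             /* PASS_MAX characters + newline + NUL */
    printf("Enter the password: ");
    if (read_line_bounded(line, sizeof line, stdin) < 0) {
        puts("\nInput rejected: longer than the password buffer");
        return 1;
    }
    int r = check_password_bounded(line);
    puts(r == 1 ? "Correct password\nRoot privileges given to the user"
                : "Wrong password\nAccess denied");
    return r == 1 ? 0 : 1;
}
```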


5.0 Ethical Hackers Important Tasks

So far the earlier chapters have given a basic exposure to the security tools that can be used for understanding computer security. However, there are certain tasks and responsibilities for ethical hackers to perform in their daily job activities. These tasks are not mandatory but are important for their career, as stated below:

1) Join ethical hacking groups
2) Upgrade and select the right software tools
3) Attend seminars about cyber-law
4) Create incident forms and prepare reports for security audits

5.1 Incident Forms

When the security audit is performed at the client's location, it is best practice for the clients to report incidents by filling in the incident form provided by the security engineers. The following page is a sample incident form:

The incident form allows the ethical hackers to focus on the particular incident that the client or end user has experienced in their work.

5.2 Computer Security Reports

The security reports are the most crucial part of the ethical hacker's task. Based on the reports, the client will have to decide whether to purchase any security software tools to avoid security vulnerabilities. Therefore the report has to be comprehensive enough to convince the clients about the computer security situation. Below is a simple format or outline that a report should contain:

1. Executive Summary
2. Hacking Activities
3. Summary of Website or Software Application Audit
4. Vulnerability Findings
5. Security Recommendations
6. Graphs and Tables

For illustration, a sample screenshot of the 'Summary of Website or Software Application Audit' is shown below: