Skills of an Ethical Hacker
Every job requires a certain set of skills. Ethical hacking is no different from other jobs: if you want to be good at what you do, you must learn the basics.
When I was learning code, programs and everything involved in the computer industry, I was kind of excited to hear about these skills, and how basic they are, yet they are used for big projects and stuff.
Below is the list of skills for an ethical hacker:
Cryptography
"The art of writing or solving codes" - Oxford
It is the process of converting plain text into a sophisticated coded form and back again. Not only does it help secure the text, it also helps authenticate the user and the data itself, in the sense that both the sender and the receiver confirm a certain transaction before it occurs. In the past it was often used for encryption, but now it is mostly used for computer practices and mathematical theories.
In layman's terms, it is a tool to protect information.
Password Cracking
The process of recovering passwords that have been stored in or transmitted through a computer system.
Most of the time, password cracking is a guessing game. Since it means gaining unauthorized access to data, the cracker must be skilled enough to open the door into that account. Often, now as before, passwords are cracked by trying every possible combination in order to log in.
Cain and Abel (not the Bible story of brotherhood, but one of the most popular password-cracking tools) can handle many tasks. However, it is commonly and only used on the Windows platform.
SQL Injection
In layman's terms, SQL injection happens when a hacker asks a user for an input and he sends a malicious SQL command to run on the database.
An example of this kind of injection is when hidden information or data is retrieved in order to modify a command that affects the entire application.
SQL injection is extremely hard to detect. No evidence or traces can be found on the server, unlike code injection. Out of all web application attacks, this is the most common and most used one, accounting for almost two-thirds of the attacks.
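How a query built by pasting input into the SQL text ends up returning hidden rows, and how a parameterized query prevents it, is shown below. This is an added example, not code from the original post; the products table, its rows, the crafted input and the function names are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [
            ("Mug", "gifts", 1),
            ("Card", "gifts", 1),
            ("Unreleased prototype", "gifts", 0),  # meant to stay hidden
            ("Lamp", "home", 1),
        ],
    )
    return db


def list_products_vulnerable(db, category):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    query = (
        "SELECT name FROM products WHERE category = '"
        + category
        + "' AND released = 1"
    )
    return [row[0] for row in db.execute(query)]


def list_products_safe(db, category):
    # The ? placeholder passes the input as a bound value, never as SQL text.
    query = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(query, (category,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "gifts' OR 1=1 --"  # constructed test input
    for value in ("gifts", crafted):
        print(repr(value))
        print("  vulnerable:", list_products_vulnerable(db, value))
        print("  safe:      ", list_products_safe(db, value))
```

With the crafted input, the concatenated query drops the released filter and returns every row, while the parameterized query treats the whole string as a category name and returns nothing.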
Session Hijacking
Also known as cookie hijacking.
A session is a record of everything you do in a certain service. For example, from the moment you log in to a bank account until you log out of it, that is a session.
Session hijacking is when a hacker uses a user's session for an attack. Hackers use it to gain unauthorized access to the web server. It usually happens when both parties are using the same WiFi.
I personally recommend not using cookies. Usually, when you open a new website, you see a pop-up that says they are using cookies, and by clicking OK you authorize them for the sake of your session on their webpage; click the No button. If the No button is nowhere to be found, then just leave it there.