#ConsonanceInfrastructure tweetchat with Lilian Douglas Ezeugo

Ilesanmi Temitope
Published in Consonance Club
Feb 3, 2019

Hi guys, so last Saturday we had another tweetchat with an expert in the field. This time, Lilian Douglas Ezeugo, a cybersecurity expert, discussed Ethical Hacking, Bug Bounty and Pentesting. In case you missed it, here’s how it went.

“Hello everyone! My name is Lilian, and I am going to be talking about “Ethical Hacking, Bug bounty, and Pentesting (also known as Penetration testing)”.

Let’s understand Ethical hacking. For example, I keep a drink in my house, lock my doors and windows, then I ask my friend to see if he can break in to get access to that drink. Because I gave him my consent to find out if my house is fully secured, it is considered ethical hacking, but if my friend breaks into my house without consent, it is considered unethical hacking.

Ethical hacking is basically the act of locating weaknesses and vulnerabilities in computer or information systems by duplicating the intent of a malicious hacker. While Ethical hacking involves all hacking methods, Penetration Testing (also known as Pentesting) is narrowly focused and is a subset of ethical hacking. Pentesting is not harmful and assessment is only for the part where the tester is performing pentesting.

Bug Bounty is a program or a reward given for finding bugs in software products. To go into bug bounty, you need to know what is vulnerable and how to exploit it. HackerOne has some publicly disclosed bugs, you can check them out. You can check contents on how to scrape a website or how to identify vulnerabilities. Also follow hackers on Twitter.

Whichever path you choose to follow, you have to start small, be observant and think outside the box.

Here are some companies that offer bug bounty programs:

  1. Bugcrowd
  2. Google vulnerability reward program
  3. PayPal bug bounty program
  4. Facebook Bug bounty program

“I’m now open to answering questions, or maybe I have missed out on something you want to know, you can ask now.”

Q&A:

Q: Blame the generic notion about hackers on how they are presented in movies etc., would you quickly talk about the importance of hackers to the tech ecosystem?
A: It can’t be overemphasized, cybercrimes are so much these days and attackers are becoming more sophisticated, also tech businesses are faced with dealing with complex security, so Ethical hackers come to rescue the system while ensuring effectiveness of the service.

Q: As a novice in this field, I’d like to know if the concept of hacking requires a specific knowledge of a programming language.
A: You do not need to have knowledge of programming to begin, you can learn on the field. You don’t need to be a badass programmer, just understand basic scripts and what they are meant to do.

Q: So I’ve always wanted to be a pentester but I couldn’t get hold of materials and all, so I went to web development. My question is how do I become a pentester, where can I take courses on pentesting, cuz I really have passion for cybersecurity?
A: Start with http://cybrary.it and I highly recommend this book, “The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws”. Also make good use of the Internet, it’s a useful resource for getting almost any material you need.
