Primary research
Graph 1
Here’s a simple breakdown of the results:
Black Hat (81.8%) – Most people selected this. Black hat hackers are the "bad guys" who break into systems for malicious reasons.
White Hat (18.2%) – These are the "good guys" who hack to help protect systems.
Green Hat (9.1%) – These are beginner hackers who are eager to learn more.
Blue Hat (9.1%) – Hackers who often test systems for bugs, sometimes hired by companies.
Red Hat (0%) – No one chose this. Red hat hackers are known to fight back against black hats, sometimes aggressively.
In short: Black hats are bad hackers, white hats are good, and the others have more specialized or less common roles.
Graph 2
Here’s a simple explanation of the results:
Programming knowledge – Almost everyone selected this skill (9 people). It’s the most important skill for ethical hackers because they need to understand how software works to find and fix vulnerabilities.
Graphic design – Only 1 person chose this. It's not usually important for ethical hacking.
Networking fundamentals – Also selected by 1 person. This is actually a very important skill too, as understanding how networks function helps hackers detect and prevent attack
Graph 3
Here’s a simple explanation:
To test systems (72.7%) – Most people chose this. Ethical hackers check systems for weaknesses so they can be fixed before bad hackers find them.
To secure systems (18.2%) – Some people picked this. It's another key goal — once problems are found, they need to be fixed to improve security.
To prevent malicious attacks (9.1%) – Fewer people chose this, but it's still true. Ethical hacking helps stop cyberattacks by finding and fixing risks early.
Graph 4
Top Tools:
Nmap (27.3%) – Used for scanning networks to find devices and open ports.
Metasploit (27.3%) – A framework for testing vulnerabilities.
Wireshark (18.2%) – Analyzes network traffic.
Burp Suite (18.2%) – Tests web application security.
Outlier:
Photoshop (9.1%) – Not a hacking tool; likely a joke or mistake.
Conclusion: Ethical hackers use tools like Nmap, Metasploit, Wireshark, and Burp Suite for security testing, while Photoshop is unrelated.
Graph 5
Obtain permission before testing – Ethical hackers must always get explicit approval from the system owner before conducting any security tests.
Report all found vulnerabilities – They must document and share all discovered weaknesses with the organization to help improve security.
Follow applicable laws – Ethical hackers must comply with all relevant laws and regulations during their work.
Unethical/Illegal Actions:
Hide activities from employers – Secretly testing without permission is unethical and illegal.
Exploit vulnerabilities for personal gain – Using findings for malicious purposes (e.g., stealing data) is a crime.
Answer: Out of the 5 options, 3 are legal/ethical principles. (The correct ones are bolded above.)
Graph 6
Commonly Tested Areas:
Physical security (27.3%) – Testing locks, cameras, and access controls to prevent unauthorized entry.
Web applications (27.3%) – Checking websites and web apps for vulnerabilities like SQL injection or XSS.
Network infrastructure (18.2%) – Assessing routers, firewalls, and servers for weaknesses.
Wireless networks (18.2%) – Evaluating Wi-Fi security (e.g., encryption flaws, rogue access points).
Not Typically Tested:
UI/UX Design (9.1%) – While usability is important, penetration tests focus on security flaws, not design aesthetics.
Graph 7
Relevant Certifications for Ethical Hackers:
CEH (Certified Ethical Hacker) – 36.4%
A widely recognized certification focused on penetration testing and ethical hacking techniques.
OSCP (Offensive Security Certified Professional) – 9.1%
A hands-on certification proving practical skills in offensive security and penetration testing.
CISSP (Certified Information Systems Security Professional) – 9.1%
A broader security certification covering risk management, security policies, and best practices.
Not Directly Relevant to Ethical Hacking:
PMP (Project Management Professional) – 27.3%
Focuses on project management, not cybersecurity or hacking.
IELTS (English language test) – 18.2%
Unrelated to cybersecurity; measures English proficiency.
Graph 8
Major Consequences:
Financial Losses (27.3%) – Cyberattacks can lead to theft, fraud, and costly recovery efforts.
Data Breaches (27.3%) – Sensitive information (customer data, trade secrets) can be stolen or leaked.
System Downtime (18.2%) – Attacks like ransomware can disrupt operations, halting business activities.
Legal Issues (9.1%) – Fines, lawsuits, and regulatory penalties for failing to protect data (e.g., GDPR).
Not a Consequence:
Increased User Trust (18.2%) – Poor cybersecurity erodes trust; this option is incorrect.
Graph 9
Government Agencies (36.4%) – Protecting national security, critical infrastructure, and public sector systems.
Financial Institutions (27.3%) – Banks and insurance companies hire ethical hackers to prevent fraud and secure transactions.
IT Security Firms (27.3%) – Penetration testing companies and cybersecurity consultancies.
Cybercrime Rings (9.1%) – Ethical hackers fight cybercrime; working for criminals is illegal and unethical.
Graph 10
Testing Without Consent (63.6%) – Conducting penetration tests or security assessments without explicit permission is illegal and violates ethical hacking principles.
Selling Discovered Exploits (9.1%) – Profiting from vulnerabilities by selling them to malicious actors (e.g., black markets).
Disclosing Confidential Data (9.1%) – Sharing sensitive information (e.g., customer data) publicly or with unauthorized parties.
Reporting Vulnerabilities (9.1%) – Should be done responsibly (e.g., to the organization first, not publicly).
Maintaining Transparency (9.1%) – Clear communication with clients/employers about findings and methods.
References
Google Forms (no date) Untitled form [Online form]. Available at: https://docs.google.com/forms/d/1x6W8F8T_serHSfG1LZLj3JC_KtUQHQ4So1--e0NXDfU/edit?pli=1 (Accessed: 29 May 2025).