April 2012 - Ethical Hacking: Security Processes and Procedures


The law of averages works against security. With the increased numbers and expanding knowledge of hackers, combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys, and not just from the generic vulnerabilities that everyone knows about, is absolutely critical.

Ethical hacking is a key component of risk assessment, audit, counter fraud, best practice, and good governance. Not only will ethical hacking identify risks and highlight remedial actions, it will reduce your ICT costs long term by resolving those vulnerabilities and reducing support issues.

In this session, we will explore ethical hacking topics, strategies, activities, and mechanisms including:

  • Ethical Hacking Security Processes and Procedures - Overview
  • What is it? How is it used?
  • Static and Dynamic Analyses
  • White Box and Black Box Processes
  • Automated and Manual Techniques


Edward Chorbajian, Affinity, Inc.

Ed is a Security Consultant for Affinity, Inc. with over 15 years of experience in information technology. His professional background includes 10 years in the software development field using numerous languages, and 5+ years on application security and data encryption projects, including ethical hacking security processes and procedures. Prior to joining Affinity, Ed served as Manager of Information Risk Assessment at KPMG.

Ed has a BA in Mathematics and Physics, an MS in Computer Science, and is an MBA candidate attending New York University’s Stern School of Business. He is a Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and GIAC Web Application Penetration Tester (GWAPT).