Ethical Hacking Definition & Meaning
Ethical hacking is the legal hacking of a computer system for the purpose of identifying areas where organizations can improve their cyber security. Companies and other organizations hire ethical hackers—also called white hat hackers or penetration testers—to try to exploit security vulnerabilities in digital assets. Following a hacking attempt, ethical hackers write a report detailing what they did or didn’t find and deliver it to the organization so it can create appropriate software patches or deploy software version updates.
What goes into an ethical hack?
While the underlying function remains the same as illegal hacking, ethical hacking follows a strict process. The important detail here is consent from the party being hacked. Without permission for a hacker to attempt breaking into a computer system, hacking is an illegal offense that can result in prison time and hefty fines.
According to ethical hacker Roger A. Grimes in CSO, ethical hacking consists of three steps:
- Scope and goal setting
Scope and goal setting involves the actual contractual terms of what, when, where, and how an ethical hacker may attempt to breach an organization’s systems. This step usually defines what a penetration tester can target, the specific timeframe when they can attempt a break-in, where they can look or what information they’re allowed to know beforehand, and what methods they’re allowed to explore for hacking.
Exploitation is when the ethical hacker attempts to break into the target computer system. Depending on the penetration testing agreement, organizations may require the hacker to take screenshots of this process or even film themselves attempting the hack. These resources can be useful to organizations and ethical hackers alike for the final step, documentation.
Documentation is the step where the ethical hacker prepares a detailed report for the organization. The contents of this report can vary, but in general, ethical hackers report on the vulnerabilities they discovered, where they were found, and how they were exploited. Using this information, organizations can make fixes to their software to reduce the likelihood of a successful illegal hack.
How do you become an ethical hacker?
With cyber crime on the rise, ethical hacking is in high demand, and many organizations will pay good money for penetration testing. Some people, like Kevin Mitnick, turn to a career in ethical hacking after operating as self-taught illegal hackers for an amount of time. Others learn ethical hacking in a formal education environment where they usually work towards a professional certification.
Ethical hacking courses are becoming a popular way for people to start a career in penetration testing, but many of today’s ethical hackers learned this specialty through a mix of self-taught illegal hacking and formal certification programs.
Here are three popular certification courses for becoming an ethical hacker:
- Certified Ethical Hacker (CEH) from EC-Council
- The Global Information Assurance Certification (GIAC) from the SANS Institute
- The Offensive Security Certified Professional (OSCP) from Offensive Security
In addition to contracting penetration testers, some organizations offer bug bounty programs. A bug bounty program is an agreement between an organization and an ethical hacker where the organization agrees to pay or offer another form of compensation to white hat hackers who successfully identify and disclose software bugs to the organization.
Some organizations that offer bug bounty programs include the United States Department of Defense, Microsoft, Salesforce, and IBM.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »