Ethical Hacking

Ethical hacking is the legal hacking of a computer system for the purpose of identifying areas where organizations can improve their cyber security. Companies and other organizations hire ethical hackers—also called white hat hackers or penetration testers—to try to exploit security vulnerabilities in digital assets. Following a hacking attempt, ethical hackers write a report detailing what they did or didn’t find and deliver it to the organization so it can create appropriate software patches or deploy software version updates.

What goes into an ethical hack?

While the techniques are the same as those used in illegal hacking, ethical hacking follows a strict process. The critical detail is consent from the party being hacked. Without permission to attempt breaking into a computer system, hacking is a criminal offense that can result in prison time and hefty fines.

According to ethical hacker Roger A. Grimes in CSO, ethical hacking consists of three steps:

  • Scope and goal setting
  • Exploitation
  • Documentation

Scope and goal setting involves the actual contractual terms of what, when, where, and how an ethical hacker may attempt to breach an organization’s systems. This step usually defines what a penetration tester can target, the specific timeframe when they can attempt a break-in, where they can look or what information they’re allowed to know beforehand, and what methods they’re allowed to explore for hacking.

Exploitation is when the ethical hacker attempts to break into the target computer system. Depending on the penetration testing agreement, organizations may require the hacker to take screenshots of this process or even film themselves attempting the hack. These resources can be useful to organizations and ethical hackers alike for the final step, documentation.

Documentation is the step where the ethical hacker prepares a detailed report for the organization. The contents of this report can vary, but in general, ethical hackers report on the vulnerabilities they discovered, where they were found, and how they were exploited. Using this information, organizations can make fixes to their software to reduce the likelihood of a successful illegal hack.
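The scope step above fixes which targets, which timeframe and which methods a tester may use. As an added illustration (not code from the article or from Grimes), here is a small rules-of-engagement checker that a testing team could run before every action so that anything outside the agreed scope is refused and recorded; the target ranges, dates and method labels are constructed placeholders.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed rules of engagement for a hypothetical client. The keys mirror
# the scope items the article lists: what targets, when, and which methods.
RULES_OF_ENGAGEMENT = {
    "targets": ["203.0.113.0/24", "198.51.100.10"],   # TEST-NET ranges, placeholders
    "excluded": ["203.0.113.1"],                     # e.g. a production gateway
    "window": ("2024-05-06T09:00:00+00:00", "2024-05-10T17:00:00+00:00"),
    "methods": {"network-scan", "web-app-test"},     # authorised technique labels
}


def in_scope(rules, host, method, when_iso):
    """Return (allowed, reason) for a proposed test action.

    host     - IPv4/IPv6 address of the proposed target
    method   - label of the testing technique the tester wants to use
    when_iso - ISO 8601 timestamp with timezone of the proposed action
    A False verdict means the tester must stop and consult the client.
    """
    addr = ip_address(host)
    if any(addr in ip_network(n, strict=False) for n in rules["excluded"]):
        return False, f"{host} is explicitly excluded"
    if not any(addr in ip_network(n, strict=False) for n in rules["targets"]):
        return False, f"{host} is not an agreed target"
    when = datetime.fromisoformat(when_iso)
    if when.tzinfo is None:
        raise ValueError("timestamp must carry a timezone to compare with the window")
    start = datetime.fromisoformat(rules["window"][0])
    end = datetime.fromisoformat(rules["window"][1])
    if not (start <= when <= end):
        return False, "outside the agreed testing window"
    if method not in rules["methods"]:
        return False, f"method {method!r} was not authorised"
    return True, "in scope"


if __name__ == "__main__":
    # Constructed proposed actions; each verdict would also go into the engagement log.
    proposals = [
        ("203.0.113.50", "network-scan", "2024-05-07T14:00:00+00:00"),
        ("203.0.113.1", "network-scan", "2024-05-07T14:00:00+00:00"),
        ("192.0.2.9", "web-app-test", "2024-05-07T14:00:00+00:00"),
        ("203.0.113.50", "web-app-test", "2024-05-12T14:00:00+00:00"),
    ]
    for host, method, when in proposals:
        ok, why = in_scope(RULES_OF_ENGAGEMENT, host, method, when)
        print(f"{'ALLOW' if ok else 'DENY '} {host:15} {method:13} {why}")
```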

How do you become an ethical hacker?

With cyber crime on the rise, ethical hacking is in high demand, and many organizations will pay good money for penetration testing. Some people, like Kevin Mitnick, turn to a career in ethical hacking after operating as self-taught illegal hackers for a period of time. Others learn ethical hacking in a formal education environment where they usually work towards a professional certification.

Ethical hacking courses are becoming a popular way for people to start a career in penetration testing, but many of today’s ethical hackers learned this specialty through a mix of self-taught illegal hacking and formal certification programs.

Here are three popular certification courses for becoming an ethical hacker:

  • Certified Ethical Hacker (CEH) from EC-Council
  • The Global Information Assurance Certification (GIAC) from the SANS Institute
  • The Offensive Security Certified Professional (OSCP) from Offensive Security

In addition to contracting penetration testers, some organizations offer bug bounty programs. A bug bounty program is an agreement between an organization and an ethical hacker where the organization agrees to pay or offer another form of compensation to white hat hackers who successfully identify and disclose software bugs to the organization.

Some organizations that offer bug bounty programs include the United States Department of Defense, Microsoft, Salesforce, and IBM.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
