Ethical Hacking

Ethical hacking is the legal hacking of a computer system for the purpose of identifying areas where organizations can improve their cyber security. Companies and other organizations hire ethical hackers—also called white hat hackers or penetration testers—to try to exploit security vulnerabilities in digital assets. Following a hacking attempt, ethical hackers write a report detailing what they did or didn’t find and deliver it to the organization so it can create appropriate software patches or deploy software version updates.

What goes into an ethical hack?

While the underlying function remains the same as illegal hacking, ethical hacking follows a strict process. The important detail here is consent from the party being hacked. Without permission for a hacker to attempt breaking into a computer system, hacking is an illegal offense that can result in prison time and hefty fines.

According to ethical hacker Roger A. Grimes in CSO, ethical hacking consists of three steps:

  • Scope and goal setting
  • Exploitation
  • Documentation

Scope and goal setting involves the actual contractual terms of what, when, where, and how an ethical hacker may attempt to breach an organization’s systems. This step usually defines what a penetration tester can target, the specific timeframe when they can attempt a break-in, where they can look or what information they’re allowed to know beforehand, and what methods they’re allowed to explore for hacking.

Exploitation is when the ethical hacker attempts to break into the target computer system. Depending on the penetration testing agreement, organizations may require the hacker to take screenshots of this process or even film themselves attempting the hack. These resources can be useful to organizations and ethical hackers alike for the final step, documentation.

Documentation is the step where the ethical hacker prepares a detailed report for the organization. The contents of this report can vary, but in general, ethical hackers report on the vulnerabilities they discovered, where they were found, and how they were exploited. Using this information, organizations can make fixes to their software to reduce the likelihood of a successful illegal hack.

How do you become an ethical hacker?

With cyber crime on the rise, ethical hacking is in high demand, and many organizations will pay good money for penetration testing. Some people, like Kevin Mitnick, turn to a career in ethical hacking after operating as self-taught illegal hackers for an amount of time. Others learn ethical hacking in a formal education environment where they usually work towards a professional certification.

Ethical hacking courses are becoming a popular way for people to start a career in penetration testing, but many of today’s ethical hackers learned this specialty through a mix of self-taught illegal hacking and formal certification programs.

Here are three popular certification courses for becoming an ethical hacker:

  • Certified Ethical Hacker (CEH) from EC-Council
  • The Global Information Assurance Certification (GIAC) from the SANS Institute
  • The Offensive Security Certified Professional (OSCP) from Offensive Security

In addition to contracting penetration testers, some organizations offer bug bounty programs. A bug bounty program is an agreement between an organization and an ethical hacker where the organization agrees to pay or offer another form of compensation to white hat hackers who successfully identify and disclose software bugs to the organization.

Some organizations that offer bug bounty programs include the United States Department of Defense, Microsoft, Salesforce, and IBM.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

Text Abbreviations reviewed by Web Webster   From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Generations of Computers (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Spoofing

What is spoofing? As it pertains to cybersecurity, spoofing is when a person disguises...

How to Indent in...

Microsoft Word is a graphical word...

Webcam

A webcam, short for web camera, is a piece of video hardware that...