Ethical Hacking Definition & Meaning

Ethical hacking is the authorized, lawful hacking of a computer system for the purpose of finding weaknesses an organization can fix before a criminal finds them. Companies and other organizations hire ethical hackers, also called white hat hackers or penetration testers, to attempt to exploit security vulnerabilities in their digital assets under agreed rules. Following the engagement, the ethical hacker writes a report detailing what they did and did not find and delivers it to the organization so it can remediate: patch or update software, change configurations, or redesign the affected control.

What goes into an ethical hack?

While the techniques are the same ones criminal hackers use, ethical hacking follows a strict process. The essential detail is written consent from the owner of the systems being tested. Without that permission, attempting to break into a computer system is a criminal offense that can result in prison time and hefty fines; consent is what separates a penetration test from an attack.

According to ethical hacker Roger A. Grimes in CSO, ethical hacking consists of three steps:

  • Scope and goal setting
  • Exploitation
  • Documentation

Scope and goal setting covers the contractual terms of what, when, where, and how an ethical hacker may attempt to breach an organization's systems. This step defines which systems a penetration tester can target (and which are explicitly excluded), the time window in which they can attempt a break-in, how much the tester is told beforehand (from nothing at all to full source code and credentials), and which methods they are permitted to use, for example whether social engineering, denial-of-service tests, or physical entry are on the table. Anything outside these agreed rules of engagement is off limits, no matter how tempting it looks during the test.

Exploitation is when the ethical hacker actually attempts to break into the target system. Depending on the penetration testing agreement, the organization may require the tester to capture screenshots or record their screen throughout, and to keep a log of every command run against the target. This evidence is useful to organizations and ethical hackers alike for the final step, documentation, and it also lets the tester demonstrate that they stayed within scope.

Documentation is the step where the ethical hacker prepares a detailed report for the organization. The contents of this report vary, but in general it covers each vulnerability discovered, where it was found, how it was exploited, how severe it is, and how to fix it. Using this information, the organization can correct its software and configurations to reduce the likelihood of a successful criminal attack.
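The three steps above are easy to state and easy to violate under time pressure, so working penetration testers usually encode the scope in their tooling rather than relying on memory. The following is an added example (not from the original article, and not any particular tester's or vendor's tool) of a scope checker: it takes the agreed rules of engagement (authorized CIDR blocks, a hostname allowlist, explicit exclusions, a testing window, and permitted methods) and refuses any target that falls outside them. The scope values, hostnames, and time window are constructed for illustration. One deliberate design choice: hostnames are never resolved to IP addresses here, because a name can resolve to an address the client did not authorize.

```python
"""Engagement scope checker. Example code added for illustration; the
scope values below are constructed and do not describe a real client."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Scope:
    """Rules of engagement, as agreed in writing before any testing starts."""
    networks: tuple        # authorized CIDR blocks (ipaddress network objects)
    hostnames: frozenset   # fully-qualified hostnames explicitly authorized
    excluded: frozenset    # IPs or hostnames carved out, even if inside a block
    window_start: datetime # start of the testing window (UTC)
    window_end: datetime   # end of the testing window (UTC)
    methods: frozenset     # techniques the client authorized, e.g. "web"


# Constructed sample scope (hypothetical client, RFC 5737/3849-style addresses).
EXAMPLE_SCOPE = Scope(
    networks=(ipaddress.ip_network("10.0.5.0/24"),
              ipaddress.ip_network("2001:db8:5::/48")),
    hostnames=frozenset({"www.example.com", "api.example.com"}),
    excluded=frozenset({"10.0.5.1"}),  # the client's gateway: do not touch
    window_start=datetime(2024, 3, 11, 0, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 15, 23, 59, tzinfo=timezone.utc),
    methods=frozenset({"network", "web"}),
)


def check_target(target: str, method: str, when: datetime, scope: Scope):
    """Return (allowed, reason). Time window, method, and exclusions are
    checked first so that they always win over an otherwise in-scope target."""
    if when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    if not scope.window_start <= when <= scope.window_end:
        return False, (f"outside testing window {scope.window_start:%Y-%m-%d %H:%M}Z "
                       f"to {scope.window_end:%Y-%m-%d %H:%M}Z")
    if method not in scope.methods:
        return False, f"method '{method}' not authorized"

    key = target.strip().lower().rstrip(".")
    if key in scope.excluded:
        return False, f"{key} is explicitly excluded"

    try:
        addr = ipaddress.ip_address(key)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname

    if addr is not None:
        # IPv4 addresses never match IPv6 blocks and vice versa.
        for net in scope.networks:
            if addr in net:
                return True, f"{addr} in authorized block {net}"
        return False, f"{addr} not in any authorized block"

    # Hostname: match the allowlist literally. No DNS lookup is performed,
    # because a name may resolve to an address the client never authorized.
    if key in scope.hostnames:
        return True, f"{key} on hostname allowlist"
    return False, f"hostname {key} not on allowlist (no DNS resolution attempted)"


def audit_line(target: str, method: str, when: datetime, decision) -> str:
    """One line of evidence for the report: what was attempted, and whether
    the scope check let it proceed."""
    allowed, reason = decision
    return (f"{when.isoformat()} target={target} method={method} "
            f"allowed={allowed} reason={reason}")


if __name__ == "__main__":
    now = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc)
    for target, method in [("10.0.5.20", "network"), ("10.0.5.1", "network"),
                           ("10.1.0.7", "network"), ("www.example.com", "web"),
                           ("mail.example.com", "web"), ("www.example.com", "phishing")]:
        print(audit_line(target, method, now, check_target(target, method, now, EXAMPLE_SCOPE)))
```

Wiring a check like this in front of scanners and exploitation scripts means an out-of-scope host or a test run after the window closes fails loudly instead of silently becoming a contract breach, and the audit lines double as evidence for the documentation step.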

How do you become an ethical hacker?

With cyber crime on the rise, ethical hacking is in high demand, and many organizations will pay well for penetration testing. Some people, like Kevin Mitnick, turned to a career in ethical hacking after years as self-taught illegal hackers. Others learn ethical hacking in a formal education environment, where they usually work toward a professional certification.

Ethical hacking courses are becoming a popular way to start a career in penetration testing, but many of today's ethical hackers learned the specialty through a mix of self-directed study (historically, sometimes including unauthorized hacking) and formal certification programs.

Here are three popular certification courses for becoming an ethical hacker:

  • Certified Ethical Hacker (CEH) from EC-Council
  • The Global Information Assurance Certification (GIAC) family from the SANS Institute, for example the GIAC Penetration Tester (GPEN)
  • The Offensive Security Certified Professional (OSCP) from Offensive Security

In addition to contracting penetration testers, some organizations offer bug bounty programs. A bug bounty program is a standing agreement between an organization and ethical hackers in which the organization agrees to pay, or offer another form of compensation to, white hat hackers who identify software bugs and disclose them privately to the organization. The program's published scope and rules serve as the consent described above, so a researcher is only covered while testing the systems the program lists, in the ways it permits.

Some organizations that offer bug bounty programs include the United States Department of Defense, Microsoft, Salesforce, and IBM.
