Whitelisting

Whitelisting is a cybersecurity strategy that allows only an approved list of applications, programs, websites, IP addresses, email addresses, or IP domains to run on or access a protected computer or network. Users can access applications or take actions only with explicit approval from the administrator. Anything outside the list is denied access.

Cybercrime networks and hackers can exploit the vulnerabilities of an application or website—and once they take control of the system, they can use that application or website to launch cyberattacks. Whitelisting is a preventive measure to protect an organization’s sensitive corporate data by only permitting traffic from known IP addresses or ranges.

How is whitelisting different from blacklisting?

While whitelisting allows users to access only authorized applications or websites, blacklisting actively identifies software programs that pose security threats and denies them access to the protected computer. For example, antivirus or anti-malware software detects malware, viruses, worms, or other malicious code, whether old or recently discovered, then blacklists, or blocks, it from accessing a computer or network.

Whitelisting enhances security as no unapproved applications, programs, or actions considered as potential threats are permitted. In other words, everything is considered a threat save those users who are explicitly named and allowed permissions.
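The difference between the two models shows up on sources that appear on neither list. The sketch below is an added example, not part of the original article: it evaluates the same source addresses against a default-deny whitelist and a default-allow blacklist of IP addresses and ranges. The list contents are constructed from documentation address ranges, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample policy using documentation ranges, not real hosts.
WHITELIST = ["192.0.2.0/24", "198.51.100.17", "2001:db8:10::/48"]
BLACKLIST = ["203.0.113.66"]


def _networks(entries):
    """Parse addresses and CIDR ranges; strict=True rejects typos such as
    192.0.2.5/24, where host bits are set in a range entry."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def _normalize(raw):
    """Parse a source address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    so one client is judged the same way over either address family."""
    addr = ipaddress.ip_address(raw.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def _matches(addr, networks):
    return any(addr.version == n.version and addr in n for n in networks)


def whitelist_decision(raw, entries=WHITELIST):
    """Default deny: permit only listed sources; unparsable input is denied."""
    try:
        addr = _normalize(raw)
    except ValueError:
        return "deny"
    return "allow" if _matches(addr, _networks(entries)) else "deny"


def blacklist_decision(raw, entries=BLACKLIST):
    """Default allow: refuse only listed sources; everything else passes."""
    try:
        addr = _normalize(raw)
    except ValueError:
        return "deny"
    return "deny" if _matches(addr, _networks(entries)) else "allow"


if __name__ == "__main__":
    for src in ["192.0.2.44", "203.0.113.66", "203.0.113.67",
                "::ffff:198.51.100.17", "2001:db8:10::5", "not-an-ip"]:
        print(f"{src:22} whitelist={whitelist_decision(src):5} "
              f"blacklist={blacklist_decision(src)}")
```

The address 203.0.113.67 is on neither list: the blacklist lets it through, while the whitelist denies it.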

What are the types of whitelisting?

Here are the three common types of whitelisting that organizations use:

Application: Only selected applications are allowed to run on the company’s protected computer devices and networks. 

Email: A list of approved email addresses saves time otherwise spent checking the spam folder for emails from clients and business partners by allowing only permitted senders or domains into the Inbox. Email whitelisting also reduces instances of phishing, scamming, and bogus emails designed to steal sensitive information.

IP address/IP domain: An administrator can whitelist IP addresses and IP domains, limiting user access to websites and applications. 

What are the advantages and disadvantages of whitelisting? 

Whitelisting helps improve an organization’s cybersecurity posture since it denies access to anything not included in the list. Malware payloads like keyloggers are less likely to infiltrate the system through approved applications, emails, or IP addresses. Additionally, whitelisting prevents insiders from installing programs on a protected computer and infecting the network with malicious code or worms.

However, whitelisting imposes restrictions on users, limiting the actions they can perform. This can inconvenience users and generate additional service requests to IT when access to an app, domain, or user falls outside the established limits of the whitelisting policy. But given the seriousness of cybersecurity threats, whitelisting can be the first line of defense against cyberattacks.

Another drawback of whitelisting is the amount of effort that must be expended by IT and security teams to establish and maintain the lists. The sites, applications, or programs on the whitelist must be carefully considered and regularly updated. Whitelisting often involves customizing an application’s settings, along with verifying the software vendor’s security policies to ensure that the application contains no malicious code.

What are examples of whitelisting software?

Windows 10 and macOS have built-in whitelisting functionality. For mobile devices, iOS and Android app stores whitelist applications certified as safe for use. Third-party vendors offer more granular controls. 

  1. AppLocker — Microsoft’s whitelisting application built for enterprise OS editions
  2. Kaspersky Whitelist — Features a collaborative hosting service
  3. PolicyPak — Helps protect on-premise and remote computers
  4. PowerBroker — A popular whitelisting tool for Windows, Linux, and macOS 
  5. Centrify Server Suite — Highlights the principle of zero-trust
  6. Defendpoint — Emphasizes enterprise network and endpoint security 

Whitelisting is not a foolproof cybersecurity strategy. Determined cybercriminals can still hack their way into your data through approved applications. But it can be of help as a core deterrent strategy to cybersecurity threats and ransomware attacks.

Kelvene Requiroso
Kelvene Requiroso is a writer and an enthusiast interested in the interplay between technology and everyday life. He writes for TechnologyAdvice, Baseline, eSecurity Planet, and Webopedia. Also a lover of science fiction and fantasy, he publishes an ongoing web novel series. He has previously worked with non-profits and non-government organizations in Manila, Philippines.
