ethical hacking

What is ethical hacking?

Ethical hacking is an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions a malicious attacker would use.

‍

What is the purpose of ethical hacking?

Ethical hacking helps to identify security vulnerabilities which can then be fixed before a malicious attacker can exploit them.

As well as identifying vulnerabilities, ethical hackers will provide advice on how to fix any vulnerabilities or mitigate any risks. In many cases, with the organization’s consent, the ethical hacker will then perform a re-test to ensure the vulnerabilities are fully fixed and any issues resolved.

‍

How is ethical hacking different from malicious attacking?  

Also known as “white hats,” ethical hackers have prior approval from the customer, organization or owner of the IT asset to test the security of the target organization. They provide an essential service by looking for vulnerabilities that can lead to a security breach.

Examples of ethical hacking roles are penetration testers and bug bounty hunters. In both cases, a customer engages the professional and provides them with a ‘scope’ upon which they are given authorization to attempt to gain access and exploit weaknesses.

This allows the professional to legally perform hacking techniques within a framework set up and agreed in advance between both parties – an ‘ethical’ way to hack, as opposed to the unethical and illegal type of hacking which malicious attackers engage in.

‍

Looking to learn more about ethical hacking? Check out our guide to choosing a penetration testing vendor.