What is Ethical Hacking?

Photo by NESA by Makers on Unsplash

In general, hackers can be divided into three general groups: white hats, black hats, and gray hats. White hats are ethical hackers, they use their skills to help defend a system from malicious users. Black hats are malicious hackers who use their skills for illegal or malicious purposes. Gray hats are those who stand in the middle of white and black hat hackers. They work offensively and defensively, but do not strictly stay to one side of the spectrum.

When a company wants to evaluate the security of their systems and products, they need someone who has a knowledge of how to attack computer systems. For this purpose, they will often hire penetration testers, or ethical hackers, to apply hacking skills to try to compromise their systems. An ethical hacker is a hacker who attempts to compromise a system, with the purpose of reporting vulnerabilities to the owner of the system. It is important to note that an ethical hacker will never seek to cause damage to a system, but rather demonstrate that a vulnerability exists without causing impact to the system.

The goal of an ethical hacker is to expose vulnerabilities that can cause an impact to confidentiality, integrity, and availability of a system. To understand this better, we can dive further into each of these attributes, often referred to as the CIA triad, to better understand what an attacker may attempt to do on a vulnerable, system. Attacks to confidentiality involve exposing sensitive user information to an attacker. Such information may include passwords, bank details, or biometric data. These types of attacks are what are typically seen in the news, when data breaches occur at companies. Integrity based attacks seek to change data that is owned by a user, even when an attacker should not be able to do this. Examples can include changing a victim’s password or altering invoice data. These types of attacks can result in significant loses to the victim. Finally, availability-based attacks seek to stop users from accessing a service for any amount of time. Examples include crashing a bank website to stop users from being able to access it to pay bills.

Attacks against the CIA triad are devastating for the victims they impact, which is the motivation for companies to actively locate and patch these issues. Ethical hackers think from the mindset of an attacker, actively seeking possible weak points, and creating exploits to show they are vulnerable. From the perspective of security, ethical hackers are some of the most important team members, since they can spot issues that an attacker may find and exploit.

The way a company enlists and utilizes ethical hackers can vary greatly depending on their application, resources, and budgets. Many companies will choose to have internal teams dedicated to testing and patching their products. Some companies may choose to setup bug bounty programs to pay ethical hackers for finding and reporting bugs in their software. All of these setups have their pros and cons, but ultimately, they achieve similar results. If a company can financially incentive skilled hackers to report issues to them, they can avoid costly breaches in their software.

The skillset of an ethical hacker is one that can be valuable to aspiring computer security experts, as well as software developers in general. If you learn to think like an attacker, you can better secure your applications against them.

Interested in learning more about Ethical Hacking? Until May 24, get 70% off course “An Introduction to Ethical Hacking with Kali Linux”. Available at: https://www.udemy.com/course/an-introduction-to-ethical-hacking-with-kali-linux/?couponCode=B8440C21E49CE5BBC36D

--

--

--

Computer programmer and computer security. Youtube tutorials at: https://www.youtube.com/channel/UC7KBXRtv-EkiOFsRtpBxIbg

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Guardians of Ancora Hack Free Resources Generator

ALL ABOUT SSRF (Server-side request forgery)

{UPDATE} Whats the Team?

WWW or Wild Wild West? The Web Turns Thirty

10 GIVE improvements over MSP

SQL Injection Attacks with BurpSuite

Connected World: It's all about IoT

Why we invested in Mask Network

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Scott Cosentino

Scott Cosentino

Computer programmer and computer security. Youtube tutorials at: https://www.youtube.com/channel/UC7KBXRtv-EkiOFsRtpBxIbg

More from Medium

Encode Msfvenom PowerShell payload with base64

AD Homelab Upgraded

Offensive-security | Proving grounds : Potato

Week 1: Introduction