Ethical hacking and ethical hacker are terms used to describe hacking
performed by a company or individual to help identify potential threats
on a computer or network. An ethical hacker attempts to bypass system
security and search for any weak points that could be exploited by
malicious hackers. This information is then used by the organization to
improve the system security, in an effort to minimize or eliminate any
potential attacks.
What constitutes ethical hacking?
In order for hacking to be deemed ethical, the hacker must obey the following rules:
- Express (often written) permission to probe the network and attempt to identify potential security risks.
- You respect the individual's or company's privacy.
- You close out your work, not leaving anything open for you or someone else to exploit at a later time.
- You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
Before commissioning an organization or individual, it is considered a best practice to read their service-level and code of conduct agreements covering how testing will be carried out and how the results will be handled, as the results are likely to contain sensitive information about how the system was tested. There have been instances of "ethical hackers" reporting vulnerabilities they have found while testing systems without the owner's express permission. Even the LulzSec black hat hacker group has claimed its motivations include drawing attention to computer security flaws and holes. This type of hacking is a criminal offence in most countries, even if the purported intention was to improve system security. For hacking to be deemed ethical, the hacker must have express permission from the owner to probe their network and attempt to identify potential security risks.