Ethical Hacking Unveiled
The term ‘ethical hacker’ is often misunderstood because the words "ethical" and "hacking" appear to be an oxymoron. A hacker is commonly defined as an unlawful individual who breaks into systems and obtains private data without explicit authorisation. Society in general pictures a hacker as a person in a hoodie hiding in a dark basement.
Being ethical, on the other hand, seems to contradict this, as it is defined by moral principles of right and wrong that govern one's conduct. Joining the two words can cause confusion because of this apparent contradiction; however, together they perfectly describe what a penetration tester does. I have found that when introducing myself as an ethical hacker, I am usually confronted with a chuckle followed by a question: how can a hacker be ethical? By the end of this article, I hope to shed greater light on the subject, bring to life how important and necessary ethical hackers are to the community, and show how a hacker can be ethical.
An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious person could exploit. To test a security system, an ethical hacker uses the same methods as their less principled counterparts, but instead of taking advantage of the problems they find, they report them so that the owners can remediate and close any potential risks.
An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat. Effectively, a "white hat ethical hacker" and a "black hat hacker" have exactly the same technical skills; the difference is that the white hat has good morals and is genuinely interested in helping organisations close their security flaws to stop the bad guys getting in.
So we reach the question: why contract an ethical hacker (penetration tester)? The answer is simple. Would you rather have an ethical person find your vulnerabilities and help you fix them, or have a bad guy find them for you? The reality is that the bad guys WILL and DO find them sooner or later! I have conducted many penetration tests, and rarely have I found a completely secure environment or application.
In today’s fast-paced business world, with technology advancing rapidly, it is hard to install, maintain and completely secure any environment, because so many variables are involved. This is where a good pen testing company can support the business by "ethically hacking" into its systems, finding the vulnerabilities, exploiting them to demonstrate what damage a malicious person could do, and producing a professional report that highlights the risks and offers a corresponding mitigation strategy.
As you can see, the term ‘ethical hacker’ means exactly what it says: an ethical person hacking into systems to help protect information for the greater good.
On a final note, let me quote Sun Tzu, who states in his book The Art of War: "You don’t defeat your enemy without knowing him".