The field of ethical hacking is increasingly popular, and I'd like to know more about what it actually is. Can...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
you tell me what an ethical hacker does, what skills he or she needs, and what it means (generally speaking) throughout the industry to be an "ethical" hacker, as opposed to unethical?
One of the most critical differences between an ethical hacker and an unethical hacker is that ethical hackers have been given prior authorization by a system or network owner to aggressively seek out vulnerabilities. (Without prior authorization, most hacking activity is illegal.)
An ethical hacker tries to attack a system like a criminal would attack a system, but the ethical hacker is authorized to evaluate the security of the system and will report his or her findings to the organization so vulnerabilities can be remediated rather than exploited. When considering how to learn ethical hacking, the skills needed will depend on the system or the application under evaluation, but typically require complex technical knowledge of the inner workings of protocols or systems to be able to identify exploitable vulnerabilities.
An unethical hacker, or black hat, will attack a system for his or her personal gain and exploit vulnerabilities to steal sensitive data, install malicious software or other actions, generally with the purpose of making money. Black hats may identify new vulnerabilities in the course of their work, but do not share the details of the vulnerability with the organization under attack or the party responsible for the software; they exploit the vulnerability for their own illicit gain, or sell the knowledge so others can.
The idea of an ethical hacking career has significantly risen in popularity over the last couple years, in part because of the high-profile status in the security community of people who find significant security vulnerabilities, along with the PCI DSS requirement for penetration testing, a form of ethical hacking.
Dig Deeper on Security Testing and Ethical Hacking
Related Q&A from Nick Lewis
The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how ...continue reading
The Keydnap malware has the ability to steal passwords stored in the Keychain Access app on Mac systems. Expert Nick Lewis explains how to mitigate ...continue reading
The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.