Monday, May 11, 2015

Why Use Ethical Hacking?


Why pay someone to hack into your own application or website? To expose its vulnerabilities. Any law enforcement officer will tell you that to prevent crime, you should think like a criminal. To test a security system, ethical hackers use the same methods as their malicious brethren, but report the problems they uncover to their client instead of taking advantage of them. Ethical hacking is commonplace in the Federal government, where the practice originated in the 1970s, and many large companies today employ white hat teams within their information security practice. Other slang terms for ethical hackers include “sneakers,” red teams and tiger teams. Computer programmers can even learn ethical hacking techniques from a variety of certification authorities.

In the world of application security, ethical hacking takes the form of penetration testing. “Pen tests” are performed in scenarios that are as realistic as possible to ensure that the results accurately mimic what an intruder could potentially achieve. Manual application testing employs human experts – ethical hackers – who attempt to compromise the app and report what they find. Typically, a variety of tests are performed, from simple information-gathering exercises to outright attacks that would cause damage if carried out by a real intruder. A full-blown ethical hack might even include social engineering techniques such as emailing staff to dupe them into revealing passwords and other account details.
