Ethical hacking is the identification and exploitation of security vulnerabilities for the purpose of improving an organization's cyber security. It helps organizations improve their security posture by uncovering weaknesses that are not visible on the surface and by providing support to address them.
An ethical hacker, also commonly referred to as a white hat hacker, is a cyber security professional entrusted to perform ethical hacking assessments. Certified ethical hackers possess a comprehensive understanding of the tactics and techniques that malicious ‘black hat’ attackers use and leverage this knowledge to ensure that ethical hacking assessments accurately reflect real-life adversarial approaches.
The term ethical hacking is used to describe a broad range of assessment types. From penetration tests performed over a matter of days, to red team operations conducted over weeks and months, ethical hacking engagements vary significantly in scope, duration and price.
Although ethical hacking is sometimes used interchangeably with penetration testing, there are some important differences.
Ethical hackers may use tactics beyond penetration testing. For example, they might test defenses against social engineering by attempting to persuade employees to reveal sensitive business data or login credentials.
Penetration testing, on the other hand, is a scoped and time-boxed assessment: the tester looks for and exploits vulnerabilities in a defined set of systems or applications, and reports only on what was found within that scope.
Ethical hackers can be independent freelance consultants, employees of a firm that specializes in simulated offensive cyber security services, or in-house staff protecting a company's website or applications. Knowledge of current attack methods and tools is required in all of these roles; however, an in-house ethical hacker may only need intimate knowledge of a single piece of software or type of digital asset.