White hat (computer security) | EPFL Graph Search

Are you an EPFL student looking for a semester project?

Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.

A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission. White-hat hackers may also work in teams called "sneakers and/or hacker clubs", red teams, or tiger teams. One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force, in which the Multics operating systems were tested for "potential use as a two-level (secret/top secret) system." The evaluation determined that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so their results would accurately represent the kinds of access an intruder could potentially achieve. They performed tests involving simple information-gathering exercises, as well as outright attacks upon the system that might damage its integrity; both results were of interest to the target audience. There are several other now unclassified reports describing ethical hacking activities within the US military. By 1981 The New York Times described white-hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related concepts (10)

Related courses (6)

Related lectures (7)

ENG-631: SciFilmIt Hackathon

The SciFilmIt Hackathon brings unique and meaningful experiences to students, researchers and artists. Over three days, participants will work together to hack science communication to the public usin

COM-506: Student seminar: security protocols and applications

This seminar introduces the participants to the current trends, problems, and methods in the area of communication security.

COM-301: Computer security

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

Security Design Principles: Preliminaries

Covers basic security concepts, adversarial thinking, security mechanisms, and responsible conduct in security design principles.

Zero Days Vulnerability: Security Breaches on Personal Devices

Explores zero days vulnerability, ethical hacking, cyber attacks, and defense strategies against cyber threats.

Information Security: Communication, Calculation, Threats

Explores information security in communication, calculation, and digital threats, emphasizing data protection and access control.

Security hacker

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. Longstanding controversy surrounds the meaning of the term "hacker.

White hat (computer security)

Vulnerability (computing)

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.