You are here: Encyclopedia > Encyclopedia Part 4 > What is a White Hat?
What is a White Hat?
Ethical hackers—which are more popularly known as white hats, white hat hackers, sneakers, or even white knights—are information and cyber security specialists who are well-versed in system examination, penetration testing, and many other network analysis approaches that guarantee the safety and integrity of many a company's information system. The sneakers appellation in particular refers to white hats who are actually employed by companies or organizations as network security professionals of sorts.
In fact, the National Security Agency (NSA) offers certifications to these hackers such as the CNS 4011, which covers professional and principled hacking techniques and team management. On that note, an entire group of these experts are referred to by the CNS 4011 as red teams or tiger teams if they're acting as aggressors or invaders, and as blue teams if they're acting as defenders or patch makers.
These network security researchers and specialists may use a multitude of approaches in order to implement their different penetration or system integrity tests, which may include hacking tools, social engineering tactics, and attempts to avoid standard security measures in order to obtain access to supposedly secured areas for the sake of finding weaknesses in a given safeguarding scheme.
What's more, a white hat mainly breaches security for good-intentioned and non-malicious ends; for example, white hats are usually assigned by a company or vendor in order to test the strength of its security system. These are the type of hackers that enjoy the never-ending pursuit of knowledge and improving the overall capabilities of applications and operating systems by picking them apart and putting them back together again.
The white hat's talent in penetrating systems and bypassing security protocols are mostly used for the betterment of these very programs and databases, so they usually end up becoming legitimate professionals or consultants in the cyber or IT security industry. In fact, the word "hacker" used to include ethical hackers in its definition until pop culture popularized the infamous image of malicious hacker invaders as the only true "hackers". Of course, a hacker may not be someone involved with data or network security at all, which just goes to show how complicated and all-encompassing the term truly is.
A hacker's stance on proper disclosure of security vulnerabilities further disambiguates him from being a black hat, white hat, or grey hat as well. More to the point, a white hat is willing to create and publish exploits to demonstrate how critical a flaw is, which will in turn force the vendor to work with him in order to correct the security hole instead of letting it languish until an enterprising black hat actually bothers to take advantage of it. The ethical hacker's ultimate objective is to make systems safer, even to the point of "blackmailing" a developer to release a patch through the possibility of public disclosure.