One definition of White Hat hackers includes those individuals who perform security assessments within a contractual agreement. Although this definition works in most cases, there is no legal or ethical component associated with it. When compared to the definition of Black Hat, this omission becomes glaringly obvious. However, this is the definition that most people think of when they talk about White Hats and will work for our discussion.
Just like in the movies of the Wild West, White Hat hackers are considered the good guys. They work with companies to improve their client's security posture at either the system or the network level, or to find vulnerabilities and exploits that could be used by a malicious or unauthorized user. The hope is that once a vulnerability or exploit is discovered by a White Hat, the company will mitigate the risk.
There is a constant argument over the question of who's more capable, the Black Hat hacker or the White Hat hacker. The argument goes something like this: the Black Hat hackers have the advantage because they do not have to follow any rules of engagement. Although this sounds valid, there are some issues that are ignored. The biggest one is education. It is not uncommon to find that most White Hat hackers are employed by companies with training budgets, or by companies that encourage their employees to learn hacking techniques while on the job. This affords the White Hat a tremendous advantage over the Black Hat. Many of these training opportunities cover the latest techniques used by malicious hackers who infiltrate corporate networks. In addition, those White Hat hackers who are employed by large organizations have access to resources that the Black Hat does not. This can include complex architectures using state-of-the-art protocols and devices, new technologies, and even research and development teams.
Despite these advantages, White Hat hackers often have restrictions placed on them during their activities. Many attacks can cause system crashes or, worse, data loss. If these attacks are conducted against real-world systems, the company could easily lose revenue and customers. To prevent these kinds of losses, White Hats must be very selective about what they do and how they do it. Often, only the most delicate scans or attacks can be used against production machines, and the more aggressive scans are relegated to test networks, which often do not truly replicate the real world. This assumes that a test network even exists. It is not uncommon to find production systems that are so costly that it is not economically feasible to make multiple purchases simply to have a test network. In those types of cases, it is very difficult for a White Hat to know the true extent of the system's vulnerability or exploitability.
From a financial perspective, specializing in information security has been quite beneficial. Salaries have continued to rise because federal requirements for auditing and security assessments have forced many companies to seek out individuals with the unique ability to conduct effective penetration tests. Long gone are the days when companies were content with basic Nessus scans and nothing else. Today, security professionals are in demand, and companies realize that security isn't simply a firewall or antivirus software but a life cycle involving security policies, training, compliance, risk assessments, and infrastructure.