By DeVry University
November 2, 2022
8 min read
Ethical hacking involves the authorized attempt to gain access to computer systems, applications or data by duplicating the strategies and methods that would be used by a malicious hacker. Also known as penetration testing, the practice has been established to test an organization’s cyber security methods and safeguards, as well as identify security vulnerabilities that can be addressed and resolved before a malicious hacker can exploit them.
An ethical hacker is a cyber security professional with in-depth knowledge of computer systems, networks and security. They should be well-versed in potential threats and vulnerabilities that can be used to hack – or bring down – organizational systems.
Test password strength
Penetration test after software updates or a new security patch
Test the validity of authentication protocols
Ensure data communication channels cannot be intercepted
Deterring threats from malicious hackers is often a top priority of corporate, e-commerce, banking and financial systems operators who need to ensure customer data – like birthdays, payment information and passwords – are protected. Without this protection, successful cyberattacks can have catastrophic results – including loss of data, fines and other penalties, lost revenue and diminished consumer confidence.
As more aspects of our lives involve online transactions, the internal systems, software and servers required to make it all run smoothly remain vulnerable to cyberattacks. For this reason, institutions, such as those that handle sensitive electronic medical records, have made cyber security measures a vital component of their risk management strategies.
According to a report from the cybersecurity firm Sophos, 66% of healthcare organizations were hit by ransomware attacks last year, demonstrating that adversaries are becoming “considerably more capable at executing the most significant attacks at scale,” and that the complexity of the attacks is growing.
White hat hackers
These are the “good guys.” Also known as ethical hackers, white hat hackers assist government and business organizations by performing penetration testing and identifying cyber security flaws. Breaking into systems with good intentions, they use a variety of techniques to uncover vulnerabilities attackers would exploit with malicious intent and help the host organization’s IT department remove viruses and malware.
Black hat hackers
Typically motivated by a payday through ransomware or other dishonest means, black hat hackers, on the other hand, are the cybercriminals against which every network-dependent organization must defend itself. These malicious hackers look for flaws in individual computers and/or public institutions. They hack into their networks to gain access to valuable or highly sensitive personal, business and financial information, exploiting any loopholes they find. Some black hat hackers deface websites or crash backend servers for fun, to damage a business’s reputation or cause them financial loss.
Gray hat hackers
These individuals, as the name implies, fall somewhere in the middle. While many don’t use their skills for personal gain, they can have either good or bad intentions. A gray hat might, for example, hack into an organization’s system, find a vulnerability and leak it online to inform the organization about it. This well-intentioned effort, however, can then be seen and exploited by a malicious hacker.
Application software database servers generate web information in real-time, so attackers use gluing, ping deluge, port scan, sniffing attacks and social engineering techniques to grab credentials, passcodes and company information from web applications. This is accomplished in many cases by preying on human nature to trick people into divulging sensitive information.
Email “phishing” schemes
One example of this type of attack is email “phishing” to trick individuals who are connected to corporate networks into changing their passwords or downloading files containing malicious code.
Wireless network vulnerabilities
Wireless networks are also vulnerable. By setting up a fake network with a name resembling that of a familiar and trusted one, let’s say at the local coffee shop, a hacker can easily gain passwords, credit card numbers and other sensitive personal information from unsuspecting internet users.
To thwart cyberattacks like these, ethical hackers will perform reconnaissance and gain as much information as possible about an organization’s IT assets. Their next step will be to use defensive measures like password busting, privilege escalation, malicious software construction or “packet sniffing” to uncover vulnerabilities or weak links in the information system chain or loopholes in network security systems, and to use the same tactics a malicious hacker would deploy to exploit those vulnerabilities.
Some of the vulnerabilities ethical hackers uncover include:
Use of components with known vulnerabilities
Sensitive data exposure
After testing, ethical hackers will prepare detailed reports that include steps to patch or mitigate the discovered vulnerabilities.
Knowledge of scripting languages
Proficiency in operating systems
Deep understanding of networking
A solid foundation in the principles of information security
After acquiring the basic skills, ethical hackers may choose to specialize and focus on specific areas.
According to CSO, many ethical hackers become professionals in this field by obtaining formal training or by earning certifications. The EC-Council’s Certified Ethical Hacker (CEH) course can be taken online or in-person with an instructor and contains 20 different subject domains, including common hacking subjects and modules on malware, wireless, cloud and mobile platforms.
The Offensive Security Certified Professional (OSCP) course and certification is another option you might consider pursuing.
At DeVry, our Undergraduate Certificate in Cyber Security can help you prepare to pursue a career as a cyber defender, securing sensitive data and protecting organizations against data breaches. The courses in our 100% online certificate program will teach you how to design strategies to protect information, infrastructure and brands against the threat of cyberattacks.
Some courses within our curriculum may also help you prepare to pursue industry-relevant cyber security certifications like:
CompTIA A+ - Earned after passing two exams designed by IT professionals. This certification focuses on troubleshooting, hardware, operating systems and networks.
CompTIA Cloud+ - A globally recognized certification that confirms an individual's ability to troubleshoot, set up and manage cloud computing systems securely.
CompTIA LINUX+ - Designed for professionals that use the Linux operating system to manage networks and devices, this certification is particularly useful for carefully managing each aspect of a system or network.
Their first responsibility is to keep their activities legal by obtaining proper approvals before accessing systems or performing a security assessment.
Ethical hackers must also determine the scope of the assessment to ensure their work remains within well-defined boundaries approved by the client organization.
They must notify the client organization of all vulnerabilities discovered during their assessment and provide advice for resolving these vulnerabilities.
Finally, the ethical hacker must respect data sensitivity and may have to sign a non-disclosure agreement or comply with other terms and conditions the client organization stipulates.
Penetration testers are typically part of an organization’s risk management team. They look for loopholes and vulnerabilities, and help reduce risk by showing management and IT department leaders areas that are likely to be attacked and the different ways in which a security breach might take place. To do this effectively, they must also take the necessary steps to obtain in-depth knowledge of the organization they wish to “hack” and think like a malicious hacker who would steal confidential data or lock authorized users out of the system until a ransom is paid.
A partial list of an ethical hacker’s job responsibilities may include:
Meeting with organization management to review security systems currently in place
Verifying the organization’s system, network topology and vulnerable entry points
Performing penetration testing on the system
Identifying and documenting security flaws and vulnerabilities
Testing the level of information security in the network
Determining the best security solutions
Documenting findings and submitting penetration test reports
Repeating penetration testing after implementation of new security features
Researching alternatives to security features that aren’t working