Ethical hacking is primarily used for penetration testing, which looks for the weak points in a computer system to identify security problems. Some forms of hacktivism, political activism conducted through hacking, may fall under the umbrella of ethical hacking as well. Such computer specialists work to address vulnerabilities to protect people and organizations from malicious behaviors on the Internet and across networks. They may do so with permission and by explicit request, in the case of penetration testing, although hacktivists typically act without securing permission first.
In penetration testing, an ethical hacker uses the same techniques a malicious person might, including scanning the system and trying to get information out of employees. The hacker can simulate attacks, plant fake files, and engage in other activities. The goal is to find out where the vulnerabilities are and how they can be used. The tester might, for example, be able to show that it's possible to plant information on a network or to access confidential data.
The information collected during such testing can be used to tighten security. This may include closing programming loopholes as well as training personnel in security procedures. Companies can take steps like setting up failover servers to take over in the event of an attack, or creating a vigorous detection program for denial-of-service attacks to stop them in their tracks. Ongoing security monitoring can include continued ethical hacking attempts to confirm that the system's defenses are still working well.
Hacktivism takes many forms, but sometimes includes activities people may consider ethical hacking. For instance, a hacker could successfully penetrate a website, database, or network, and send a notice to the owners alerting them to the problem. In this case, the hacker's activities are not performed by request, but are done as a public service. There are legal liabilities for hackers who engage in such activities, as penetration attempts are usually illegal unless they are conducted by specific order from the owner of a site, system, or network.
Identifying security loopholes and providing suggestions on how to fix them requires the development of a broad range of computer skills. Some people who work as malicious hackers may later turn to private security consulting work, putting their experience to useful applications. Others may pursue advanced training to develop the skills needed to perform extensive penetration testing skillfully. Since attack methods are in a constant state of evolution, regular continuing education to keep up with what hackers are doing and the methods they use is an important aspect of ethical hacking.