My Question About PenTesting
So I've been having the question in my head for a while.
The tutorials on this forum that show how to hack. If used in real life, are they legal?
What confuses me is that WhiteHats are the good-guys and are called "Hackers", and the bad guys are "Crackers". But from reading news found online, they always say "Hackers did X, and stole Y data".
But from Googling, I found:
WhiteHats are the GoodGuys, who find vulnerabilities in apps/sites and report them to that app/site's owner and suggests how to fix it.
So my question is, how does a whiteHat get allowed to PenTest legally?
I want to be a whiteHat, I read many of OTW's tutorials, but never actually tried them because I don't want to mess up and end up doing something bad.
(also, I'm sorry if some of what I wrote didn't make sense. I was writing asking about legalities, then another question popped up, and I started writing on that too...Hopefully you can understand what I wrote. If not, I'll try to explain. Sorry about that...)