Forum Thread: My Question About PenTesting

My Question About PenTesting

So I've been having the question in my head for a while.

The tutorials on this forum that show how to hack. If used in real life, are they legal?

What confuses me is that WhiteHats are the good-guys and are called "Hackers", and the bad guys are "Crackers". But from reading news found online, they always say "Hackers did X, and stole Y data".

But from Googling, I found:

WhiteHats are the GoodGuys, who find vulnerabilities in apps/sites and report them to that app/site's owner and suggests how to fix it.

So my question is, how does a whiteHat get allowed to PenTest legally?

I want to be a whiteHat, I read many of OTW's tutorials, but never actually tried them because I don't want to mess up and end up doing something bad.


(also, I'm sorry if some of what I wrote didn't make sense. I was writing asking about legalities, then another question popped up, and I started writing on that too...Hopefully you can understand what I wrote. If not, I'll try to explain. Sorry about that...)

8 Responses

this definition, i mean "black hat VS white hat" = good guys VS bad guys is a broad and inconsistent definition. a black hat hacker is not necessarily a bad guy...anyway, if you want to practice hacking, you can do that on your LOCAL NETWORK by installing different systems on virtualbox...that way everything is legal. As for white hats, they're either hired by companies to hack systems and check for vulnerabilities with the total consent of the hiring company, or ALLOWED to search for exploits and report them to get rewarded (for example facebook bounty hunter program)

crackers are different from hackers ... both black hat and white hat and grey hat etc all called hacker only what they do and auth they get and what they do with data they get is different.

but been white hacker you need to have very very good understanding of codes and tricks you cant just be hacker by watching tutorials they help but you need learn coding first and then use tools ;)

First of all, hackers are security "lovers" or researchers or whatever, while crackers are people that commit piracy.

The difference between white hats, grey hats and black hats is in why they hack?: white hats hack to help others, to improve the security of a system, and cause they like it; black hats hack for their own and only benefit; and grey hats are something like neutral and/or present charateristics of black and white hats.

Grey hats are people who do illegal hacks for a good cause. example: hacktivists (Anonymous).


As other people have already said. White hatters have to do things legally. For example my college has given me and a couple other trustworthy people permission to poke around, nothing too serious but enough that I would consider it a 'pentest' at least that is how I think of it because it is experience and the admin tells us when we trip off an IDS or something.

Apart from the moral facts, a security expert is engaged when a company asks him to review their code/product/environment informational security.

Don't worry, as far as you are just testing, nothing is illegal. These techniques might put you in a bad position if damaging somebody else's privacy. It might sounds scary, but by the time you will be able to bypass common protections, the aim of which is also to preventi being hacked by those with little legal comprehension, you will now where to stop.

White hat hackers have rules because that's what they do. For example, they can't share private data they find during pentest if not in particolar conditions. Sometimes the limits make your freedom.

Pentesters have scopes which can limits methods, or servers and such.

Read my article here. It explains the differences between the different types of hackers.

If you want to develop your skills, it's best to do it in a controlled environment by using a virtual lab. Another good way is to participate in bug bounties put out by various companies.


Share Your Thoughts

  • Hot
  • Active