
Breaches. Breaches. In the past two years we have read about, witnessed or even been affected by attacks, some of them on Fortune 500 companies. The attacks have become sophisticated, notorious and devastating. This calls for advanced blue-team efforts that are focused and relentless. For all we know, the attacker is always ahead. Most companies I have interactions with have resorted to having internal bug bounty programs, managed by the likes of Hackerone, Bugcrowd, etc. But what happens to the rest of the companies/organizations, the ones with not-so-forward-looking CISOs and CIOs? To be honest, there is no company that can wholly manage and contain the numerous vulnerabilities/zero-days that potentially affect its infrastructure. Having worked with numerous companies, I can say this for a fact.

So, here comes the whitehat. According to SearchSecurity, a whitehat "describes a hacker (or, if you prefer, cracker) who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system's owners to fix the breach before it can be taken advantage of by others (such as black hat hackers). Methods of telling the owners about it range from a simple phone call through sending an e-mail note to a Webmaster or administrator all the way to leaving an electronic "calling card" in the system that makes it obvious that security has been breached."
The Role of the Organization: I have sampled a few of the responses I have got after highlighting some vulnerabilities to some organizations. See below:

[Image A: response from organization A]

[Image B: response from organization B]

[Image C: response from organization C]

From the sample above we can see a) commitment, b) disdain/arrogance, c) arrogance, perhaps? To be honest, I can say I am lucky that I got a response. Many times we don't. I will leave you to guess which of the three organizations behind the responses above recently (3 weeks back) got breached :-)
Conclusion: To my fellow white hats, let's keep the spirit: responsible disclosure. Never tire. Make the internet safe(r), one CVE at a time.
...Part Two on the way