Questions tagged [white-hat]
White hat hacking (aka "ethical hacking", or "penetration testing") is the act of attacking a computer security system for the purpose of finding and fixing vulnerabilities. It is the opposite of black hat hacking.
13 questions
1 vote, 1 answer, 160 views
Impact of port scanning on the web domain itself
I was learning about port scanning and I understand what, why and how.
However, I do not understand why a Bug Bounty hunter or a penetration tester (strictly for web app assessment) would run a port ...
1 vote, 1 answer, 143 views
Does black hat always equal illegal? [closed]
I often hear of black-hat hacking discussed as if it was synonymous with illegal hacking. In other words, an act of hacking is black-hat iff it is illegal. Our own tag wiki for black-hat defines it as ...
53 votes, 3 answers, 14k views
Could bug bounty hunting accidentally cause real damage?
If an application's code contains even minor and subtle inaccuracies, it can open up the entire database to SQL injection. In this example (see section 'Delete All Method'), the entire Users table ...
0 votes, 1 answer, 153 views
Understanding a Burp Capture
I am thinking of taking up ethical hacking as a hobby. So, I installed Burp Suite Community Edition and set it up with Firefox. I opened Instagram and tried to log in with these details (just for ...
0 votes, 2 answers, 315 views
White hat hacker asks for account to do penetration tests
Our company has an online app that requires creating a business account. Yesterday some suspicious accounts were made and our system automatically blocked the account creators and IP addresses.
And ...
83 votes, 5 answers, 23k views
How to proceed with a white-hat hacker claiming a vulnerability?
I am a security member of a small company which recently got contacted by someone claiming to be a Hackenproof member.
They were reporting on our website being indexed by googlebot (metadata, thin ...
1 vote, 0 answers, 90 views
Do application security assessments done using SaaS solutions (WhiteHat Sentinel and Fortify on Demand) count as penetration tests?
SaaS security solutions such as "WhiteHat Sentinel" and "Fortify on Demand" are getting popular nowadays. Methodologies of both describe them involving manual verification. Does this qualify the ...
29 votes, 9 answers, 10k views
How can an administrator secure against a 0day before patches are available?
I'm working on a thesis about the security hacker community.
When a 0day is published, how can an administrator secure his application/website between the time the 0day is published and the patch is ...
0 votes, 1 answer, 505 views
White hat "ethical" hacking legality
I was preparing a presentation on White hat hackers and ethical hacking, I organized it this way at the moment:
This mindmap is a draft version, of the final thing. By defense, I meant security ...
0 votes, 2 answers, 179 views
What is the responsible thing to do when I care about a vulnerability more than the team behind the system? [duplicate]
I've encountered a security vulnerability in a website. The website is that of a leading brand in its industry. There are user accounts etc. and this website is very popular.
I've contacted multiple ...
5 votes, 3 answers, 4k views
What is an 'Orange team'?
I heard that Google had an unofficial 'Virtual' team called the Orange Team that consisted of staff from outside the official security team, who engaged in a range of white hat activities to both ...
39 votes, 4 answers, 11k views
Is demanding a "donation" before disclosing vulnerabilities black hat behavior? [closed]
We have been contacted by an "independent security researcher" through the Open Bug Bounty project. First communications were quite OK, and he disclosed the vulnerability found. We patched the hole ...
0 votes, 1 answer, 433 views
Penetration Testing Methodologies
I have some issues regarding the concept of black, grey and white hat.
Where and in what penetration testing methodology can I find the black, grey or white hat concept definition?