[3][4] Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has.
"[10] The authors performed their tests under a guideline of realism, so their results would accurately represent the kinds of access an intruder could potentially achieve.
They performed tests involving simple information-gathering exercises, as well as outright attacks upon the system that might damage its integrity; both results were of interest to the target audience.
When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner.
The letter of reprimand stated "The Company realizes the benefit to NCSS and encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".
"[12][13] The idea to bring this tactic of ethical hacking to assess the security of systems and point out vulnerabilities was formulated by Dan Farmer and Wietse Venema.
Their program called Security Administrator Tool for Analyzing Networks, or SATAN, was met with a great amount of media attention around the world in 1992.
A full-scale ethical hack might include emailing staff to ask for password details, rummaging through executive dustbins, usually without the knowledge and consent of the targets.
[16] Commentators described the change as creating a "dual purpose" in which white hat activity also serves the country's intelligence agencies.
Therefore, a good "white hat" could bring unexpected benefits in reducing the risk across systems, applications, and endpoints for an enterprise.