Hi guys, a bit of context before going into what a white hacker is.

So working full time as a software engineer, I am often exposed to software security issues. 

These can be:

  • Potential vulnerabilities from an old JavaScript library in your applications
  • A denial-of-service attack from a botnet
  • A possible exploit in one of your backend APIs
  • A SQL injection in your web app
  • A cross-site scripting or cross-site request forgery issue

So all of these threats can range from very, very dangerous to not dangerous at all, depending on the likelihood of exploitation and the risk caused by the vulnerability.

No matter the likelihood and risk, it is important not to underestimate how dangerous a vulnerability can be, and to do a proper assessment before classifying it.

Now going into the root of the subject: what is a white hacker?

A white hacker is often someone who works on their own, independent of any company.

Their main focus is to test out websites and apps on the web in search of security vulnerabilities.

At this point, you will think that it is almost the same thing as a normal hacker, and you’re right 😉

The main difference lies in the intention behind what they are doing.

The white hacker's goal is to privately disclose the vulnerability to the owner of the website, with the intention of helping them fix the issue, in exchange for a bounty ($$).

This concept is getting more and more popular for anyone who is building software & apps.

Companies nowadays use the “white hacker” concept as a way to improve the security of their own systems.

Imagine having 5-10 external people who are constantly trying to hack into your systems and are able to proactively find vulnerabilities before they fall into the hands of a real hacker 😉

So this was my way to give you an overview of what white hacking is.

Let me know what you think about that. 

If you would like to know more about this for yourself or the company you are working for, simply drop a line in the comments below.

Later!