White Hat Hackers:
White hats are known as the “good guys.” White hats use their knowledge in security to help improve systems, whether at the organization that employs them or through bug bounties. They’re the best at both defense and offense, because one of the white hats’ main struggles is staying ahead of all the other kinds of hackers.
Black hats are the bad guys, the ones that give the term ‘hacker’ a bad name. Black hats hack for their own personal and financial gain, with no regard to legality or moral parameters. Black hat hackers work hard to find vulnerabilities that will get them the highest payload, and they’re often very skilled at it, so it’s the white hats’ job to stay ahead of them.
Much like the rest of the world, there’s a group of hackers that hang somewhere between good and ‘evil’. Gray hats don’t hack for personal or financial gain like black hat hackers, yet they may hack using illegal and nefarious methods. However, instead of exploiting a database to make money, they may exploit a vulnerable database and publicly disclose the data and vulnerability, as a way to ‘shame’ the organization or because they believe it’s for the greater good. Or they may not use the exploit at all, either responsibly disclosing to the organization or, if they don’t like the way a company responds to their disclosure, publicly disclosing the vulnerability. Watch Mr. Robot? Elliot, the main character, is described as a gray hat, even though he also works as a white hat in his day job.
Script kiddies is the term usually given to wannabe black hats who don’t necessarily know what they’re doing or what their endgame is. Script kiddies are basically hackers-in-training – they could still go to the light side, but they’re headed down the path to the dark side. Their main goal is to make a name for themselves among their fellow hackers, and they’re willing to do some risky things without being quite sure what the outcome will be.
A 2005 report from Carnegie Mellon’s Software Engineering Institute had this to say about Script Kiddies: “The typical script [kiddie] uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.”
Hacktivists hack to make a point, with the majority of their concern given to bringing to light trespasses on human rights, freedom of speech or freedom of information. The most notorious hacktivist group is Anonymous, famous for their many DDoS attacks on religious, government and corporate sites that they deemed as needing to be put in their place for their transgressions. Hacktivists can operate as black hats, gray hats, and also script kiddies trying to get into a hacking group.