Would you lay out the welcome mat for hackers?


Date: 19 September 2011

Two hackers sitting at a computer{{}}

Would you be happy setting a hacker loose? (Image: John.E.Robertson on Flickr.)

The idea of willingly inviting hackers to break into your company website or server may seem odd. However, if the intentions of the hacker are good and they don’t intend to use what they find to exploit your business, it can be an effective way to identify and seal up weaknesses in your IT security.

White-hat hacking hits the news

The practice of ‘white-hat hacking’ hit the news recently with the launch of Facebook’s Bug Bounty programme. This offers rewards to people who find and report holes in Facebook’s security.

In the first three weeks of the project, Facebook paid out over £24,000. They obviously reckon the cost of the programme is significantly less than the potential loss they could suffer if sensitive data were to fall into the wrong hands.

Inviting hackers to your business

If you’re not a company with the size and status of Facebook, it’s probably not a good idea simply to announce in public that you’d like people to try to break into your site. That could invite all kinds of problems.

However, you can enlist the help of a professional ‘ethical hacker’ to help test your security.

The best of these will hold Ethical Hacker Certification from the International Council of Electronic Commerce Consultants. This ensures your chosen hacker is a skilled professional, who uses the same knowledge, techniques and tools as a malicious hacker.

They will know how to probe for weaknesses and vulnerabilities in your systems. And you’ll know that they have signed up to an ethical code that means they can be trusted with your data.

Would you be willing to put your website to that sort of test?

Steve Nice is technical director at ForLinux, an open source hosting and Linux solutions provider.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.