White Hat

DEFINITION of 'White Hat'

Ethical, noncriminal practices used to improve computer and Internet systems such as security and search engine optimization. White hat hackers are a valuable resource for organizations that want to identify their security weaknesses in an attempt to prevent criminal attacks. For example, white hats can identify a vulnerability that could cause invalid death certificates to be issued, which criminals could take advantage of to claim fraudulent life insurance payouts, or a vulnerability that could allow a power grid to be shut off remotely.


White hat practices can be contrasted with black hat practices, which use unethical and even criminal methods for activities such as breaking into computer systems to steal information or cause damage, and misleading search engines into thinking a webpage’s content is more valuable than it is in order to increase traffic to that page and generate ad revenue or sales. Because cyberattacks from black hat hackers are such a significant threat, white hat hackers are a major asset to businesses, governments and the individuals those organizations serve, helping to protect profits, tax dollars, and reputations. White hat hackers even help technology companies, which could be surprisingly vulnerable, to protect their systems.

The catch-22 of teaching white hat practices to more individuals in an attempt to better protect computer-based systems is that white hat hackers use the same skills as black hat hackers. Penetration testing by white hat hackers to look for weaknesses in a company’s software systems uses the same skills as criminal efforts to attack those systems.

Companies can gain a false sense of security after employing white hat hackers to identify security vulnerabilities. Since companies can change their systems and hackers can develop new techniques, the security threat is ongoing and penetration testing should be ongoing as well.

In terms of search engine optimization practices, white hat strategies are those that completely follow the search engine’s rules. Websites that use these practices are less likely to be negatively affected by search engine algorithm updates, which are often aimed at making sure sites that use black hat practices don’t rise to the top of the search results. A gray hat strategy employs both white and black hat techniques: it tries to increase search engine traffic by bending the rules, accepting some risk of getting caught and penalized, but that risk is lower than the risk associated with a purely black hat strategy. Black hat strategies completely violate the search engine’s rules.

Famous white-hat hackers include Tim Berners-Lee, inventor of the World Wide Web; Apple’s Steve Wozniak; and Jeff Moss, founder of the annual hacker conference Defcon.