What Is a White Hat?

White hat refers to ethical, noncriminal practices used to improve computer and internet security and search engine optimization. White hat hackers are a valuable resource for organizations that want to identify their security weaknesses in order to prevent criminal attacks.


White hats can be dubbed the "good guys" of hacking. They can research and find any lapses of security in software and then notify the owner of the system to fix it. Companies can gain a false sense of security after employing white hat hackers to identify security vulnerabilities. Since companies can change their systems and hackers can develop new techniques, the security threat is ongoing, and penetration testing should be ongoing as well. For example, white hats can identify a vulnerability that could cause invalid death certificates to be issued, which criminals could take advantage of to claim fraudulent life insurance payouts, or a vulnerability that could allow a power grid to be shut off remotely.

Famous white-hat hackers include Tim Berners-Lee (inventor of the World Wide Web), Apple co-founder Steve Wozniak, and Jeff Moss (founder of the annual hacker conference Defcon).

White Hats, Gray Hats, Black Hats

There are three different types of hackers: white hats, gray hats and black hats. Black hats are the criminals of the group. They will scour for holes or backdoors in order to gain access to systems and use malicious software to steal data. They will typically sell this information to other black hats as well. Gray hats fall into the middle of the group, but instead of selling the information they access to a malevolent party, they will sell it to governments and other agencies, who, in turn, will use that for the good of the public. Some of these hackers can be contracted or they may act as their own independent agents.

Consider the case of the FBI, which took Apple to court over the iPhone of one of the San Bernardino shooters. The agency requested that Apple unlock the iPhone in order to gain access to the shooter's personal information. Apple refused, citing privacy issues, and the case was then taken to court. The FBI later withdrew its case, saying a third party managed to unlock the phone. Although the FBI never confirmed who gained access to the iPhone, it is likely that it was a gray hat hacker.

White hat practices can be contrasted with black hat practices, which use unethical and even criminal methods for activities such as breaking into computer systems to steal information or cause damage, and misleading search engines into thinking a webpage’s content is more valuable than it is in order to increase traffic and generate ad revenue. Because cyber attacks from black hat hackers are such a significant threat, white hat hackers are a major asset to businesses, governments and the individuals those organizations serve, helping to protect profits, tax dollars, and reputations. White hat hackers even help technology companies, which could be surprisingly vulnerable, to protect their systems.

The catch-22 of teaching white hat practices to more individuals in an attempt to better protect computer-based systems is that penetration testing by white-hat hackers to look for weaknesses in a company’s software systems uses the same skills as criminal efforts to attack software systems.

White Hat Strategies

In terms of search engine optimization (SEO) practices, white hat strategies are those that completely follow the search engine’s rules. Websites that use these practices are less likely to be negatively affected by search engine algorithm updates, which are often aimed at making sure sites that use black hat practices don’t rise to the top of the search results. A gray hat strategy employs both white and black hat techniques, bending the rules to try to increase search engine traffic and accepting some risk of getting caught and penalized, but the risk is lower than that associated with a purely black hat strategy. Black hat strategies completely violate the search engine’s rules.