There is often confusion about the difference between “vulnerability scanning” and “penetration testing”, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing.
“An ethical hacker is simply a bodyguard. But instead of a human bodyguard, an ethical hacker is a computer bodyguard. Their job is to sit there and figure out: If a hacker were to attack a system, how would they do it, and they’re trying to figure out how to protect your systems – if your systems have been sufficiently protected.”
Why We Need Ethical Hacking
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services