Computer hacking is a practice with many subtle differences. Many organizations in diagnosing the root cause of an hack try to get professional services of the hackers. A hacker in most cases will be motivated by whoever is sponsoring his or her actions and won’t care much about why his or her services are requested.
Ethical Hacking is used to describe a hacker who purposely tries to hack the organizations security system on their behalf. The computer security industry also refers them as “white hat hackers” to differentiate them from the “black hat hackers” who intent to inflict evil. It’s important to understand clearly what constitutes ethical hacking as many black hat hackers claim to be as ethical hackers when caught. Ethical hacking always must have a written agreement with the hacker and the organization and the goals should be well established. Another form of hacking is referred as “hacktivism” where the hacker is not motivated by money but rather does it as a hobby and social activism.
For our discussion the main question is why use ethical hacking as part of software development process. Why pay someone to for example hack your own site? The answer is quite simple: to prevent a crime you need to at least pretend like a criminal. When you hire a hacker to find security vulnerabilities you’re tapping into the same mindset of a hacker but instead they report the vulnerabilities to you. In application security ethical hacking is considered part of penetration testing, more specifically as part of manual tests where the white hat hackers try to exploit security flaws in the system.