Ethical hacking refers to targeted hacking on the basis of a clearly defined assignment from the client to exploit technical, organizational and conceptual flaws. Ethical hacking is a classical «proof of concept» security test with the objective of detecting design-based security weaknesses such as suboptimal trust relationships between systems, flaws in a zone concept, or employee misconduct.
In contrast to a penetration test or application security audit, the search for vulnerabilities stops once a security flaw has been found that can be exploited to meet the objective. Thus, ethical hacking does not entail a comprehensive, systematic search for all technical vulnerabilities.