As an ethical hacker, you must agree to some code of ethics:

  • Keep private and confidential information gained in your professional work (in particular as it pertains to client lists and client personal information). Do not collect, give, sell, or transfer any personal information (such as name, e-mail address, social security number, or other unique identifier) to a third party without prior client consent.
  • Protect the intellectual property of others by relying on your own innovation and efforts, thus ensuring that all benefits vest with its originator.
  • Disclose to appropriate persons or authorities potential dangers to any e-commerce clients, the Internet community, or the public, that you reasonably believe to be associated with a particular set or type of electronic transactions or related software or hardware.
  • Never knowingly use software or a process that is obtained or retained either illegally or unethically.
  • Do not engage in deceptive financial practices such as bribery, double billing, or other improper financial practices.
  • Use the property of a client or employer only in ways properly authorized, and with the owner’s knowledge and consent.
  • Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.
  • Ensure good management for any project you lead, including effective procedures for promotion of quality and full disclosure of risk.
  • Add to the knowledge of the e-commerce profession by constant study, share the lessons of your experience with fellow EC-Council members, and promote public awareness of the benefits of e-commerce.
  • Conduct yourself in the most ethical and competent manner when soliciting professional service or seeking employment, thus meriting confidence in your knowledge and integrity.
  • Ensure ethical conduct and professional care at all times on all professional assignments without prejudice.
  • Do not take part in any black hat activity or be associated with any black hat community that serves to endanger networks.
  • Do not take part in any underground hacking community for purposes of preaching and expanding black hat activities.
  • Do not make inappropriate references to the certification or misleading use of certificates, marks or logos in publications, catalogs, documents, or speeches.
  • Do not violate any law of the land or have any previous conviction.

Under the right circumstances and with proper planning and goals in mind, you can provide a wealth of valuable information to your target organization. Working with your client, you should analyze your results thoroughly and determine which areas need attention and which need none at all. Your client will determine the perfect balance of security versus convenience. If the problems you uncover necessitate action, the next challenge is to ensure that existing usability is not adversely affected if security controls are modified or if new ones are put in place. Security and convenience often conflict: the more secure a system becomes, the less convenient it tends to be.