A legal hack is in fact a simulation of hacker activity by IT professionals. The simplest definition of a legal hack is "the portion of security testing in which the auditors attempt to circumvent the security features of a system."
Unlike a security audit, which is measured against specified criteria, a legal hack has no single standard. A test will only be successful when its scope is defined in advance.
This section discusses eight aspects of a legal hack: