In security work, a tiger team is a specialized group that tests an organization’s ability to protect its assets by attempting to circumvent, defeat, or otherwise thwart that organization’s internal and external security. The term originated within the military to describe a team whose purpose is to penetrate security of “friendly” installations to test security measure. It now more generally refers to any team that attacks a problem aggressively.


Attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no such limitations. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins or even breaking and entering – all, of course, with the knowledge and consent of the targets. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers arrange for cloned test systems, or organize a hack late at night while systems are less critical.