Penetration Testing mailing list archives
Re: [PEN-TEST] "Get out of Jail Free"
From: Gregory Luckman <g.luckman () E-SECURE COM AU>
Date: Wed, 1 Nov 2000 11:10:09 +1100
Ensure that the CIO is easily available by phone for conformation during the audit. The intelligent integrator will assume that the letter is just a social engineering attempt, and you don't want to be detained for a few hours until the CIO is out of a meeting. ....Gregory Quoting "Gallicchio, Florindo (2007)" <florindo.gallicchio () ESAVIO COM>:
In other words, the contract itself has the legal wording that gives us permission to do the security assessment, and we get a separate document for our auditors to carry with them when they're doing the social engineering/physical penetration test portion. A clearly written authorization letter from the client's CIO does the trick.
Current thread:
- Re: [PEN-TEST] "Get out of Jail Free" Gallicchio, Florindo (2007) (Nov 01)
- Re: [PEN-TEST] "Get out of Jail Free" Gregory Luckman (Nov 01)