Penetration Testing mailing list archives
Re: What is your policy on customers particapating in a pen test?
From: Jonathan Rickman <jonathan () xcorps net>
Date: Tue, 19 Jun 2001 17:47:04 -0400 (EDT)
It's their system. As long as they agree to observe...hands free, I don't see a problem with it. It doesn't hurt to educate the customer either. I'm not saying you should hand over the source to your own in house tools, just that it goes a long way towards establishing a relationship with them. How much you share is obviously at your discretion. Remember, if you tell everyone everything you know...everyone will know more than you. There's a fine line between education of a customer and business suicide. You have to walk carefully along that line, or you could end up with a customer that thinks that since they sat in on one pen-test...they don't need you anymore. That might be their goal anyway. You have to be the judge of that. -- Jonathan Rickman X Corps Security http://www.xcorps.net On Tue, 19 Jun 2001, Joe Klein wrote:
All: I am hearing customers request ( and some times demand ) that they be part of a pen test. Currently, we offer the customer 4 - 8 hours of time to review findings and show them what we did, to access there systems. But we do this after the pen test is complete. I was wondering how other companies deal with this issue? J
Current thread:
- Re: Blind IP spoofing portscan tool?, (continued)
- Re: Blind IP spoofing portscan tool? Enrique A. Sanchez Montellano (Jun 14)
- Re: Blind IP spoofing portscan tool? Chris Winter (Jun 14)
- RE: Blind IP spoofing portscan tool? Filipe Almeida (Jun 15)
- Re: Blind IP spoofing portscan tool? Alberto_Revelli (Jun 14)
- RE: Blind IP spoofing portscan tool? Yonatan Bokovza (Jun 14)
- RE: Blind IP spoofing portscan tool? thomas olofsson (Jun 18)
- What is your policy on customers particapating in a pen test? Joe Klein (Jun 19)
- Re: What is your policy on customers particapating in a pen test? Meritt James (Jun 19)
- RE: What is your policy on customers particapating in a pen test? Ken Pfeil (Jun 21)
- Re: What is your policy on customers particapating in a pen test? GBH (Jun 19)
- Re: What is your policy on customers particapating in a pen test? Jonathan Rickman (Jun 19)
- RE: What is your policy on customers participating in a pen test? Ken Halbeck (Jun 19)
- Re: What is your policy on customers particapating in a pen test? Vanja Hrustic (Jun 20)
- Re: What is your policy on customers particapating in a pen test? Jonathan Rickman (Jun 21)
- Re: What is your policy on customers particapating in a pen test? Vanja Hrustic (Jun 22)
- RE: What is your policy on customers particapating in a pen test? Bojan Zdrnja (Jun 25)
- What is your policy on customers particapating in a pen test? Joe Klein (Jun 19)
- RE: What is your policy on customers participating in a pen test? Dom De Vitto (Jun 21)
- Re: What is your policy on customers particapating in a pen test? Gary Warner (Jun 21)
- Re: What is your policy on customers particapating in a pen test? Meritt James (Jun 21)