Penetration Testing mailing list archives
RE: International Penetration Testing Law (United Kingdom)
From: "pete" <pete () ideahamster org>
Date: Sat, 25 May 2002 21:49:30 +0200
You may want to look in the Open Source Security Testing Methodology Manual at OSSTMM.org-- there is an Appendix in 2.0 written by a British lawyer concerning the various laws for pen testers. -pete. -----Original Message----- From: Greg [mailto:greg () hoobie net] Sent: Friday, May 24, 2002 6:58 PM To: Penetration Testers Subject: RE: International Penetration Testing Law (United Kingdom) Assuming a generic remote pen test, you will be dealing with the UK Computer Misuse Act (1990). You will need written permission from the system owners and a well defined scope which must also be agreed and signed off before you start (but I guess that's the same everywhere.) If client data is to be or may be exposed during the test you should also consider the UK Data Protection Act which governs the handling of personal data and the like. Your engagement letter/contract may need to be re-worded if is designed for use within the US. For instance, I don't beleive there is the concept of the data protection act in the US although I'm not entirely sure about that one. CMA 1990 : http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm DPA 1998 : http://www.hmso.gov.uk/acts/acts1998/19980029.htm enjoy Greg
-----Original Message----- From: M W [mailto:crackthis22 () hotmail com] Sent: 22 May 2002 23:12 To: crackthis22 () hotmail com Subject: International Penetration Testing Law (United Kingdom) Does anybody have any insight (website/links) as to laws/restrictions on international pen testing, specifically from the United States to a
client in the United Kingdom? Thanks in Advance _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- International Penetration Testing Law (United Kingdom) M W (May 23)
- RE: International Penetration Testing Law (United Kingdom) Greg (May 24)
- RE: International Penetration Testing Law (United Kingdom) pete (May 25)
- RE: International Penetration Testing Law (United Kingdom) Greg (May 24)