Penetration Testing mailing list archives

RE: Pre-Scanning for Marketing

From: "Maxim Kostioukov" <maxim () francoudi com>
Date: Thu, 12 Jan 2006 09:52:40 +0200

I believe unless the owner were legally (i.e. financially) responsible
for their security flaws such pre-scanning would be useless.

Moreover penetration testing without written permission in advance might be legally
turned against the tester.

In majority of cases I got negative/zero reaction so I would not bother.

-----Original Message-----
From: Password Crackers, Inc. [mailto:pwcrack () pwcrack com]
Sent: Tuesday, January 10, 2006 5:11 PM
To: pen-test () securityfocus com
Subject: Pre-Scanning for Marketing


I am interested if anyone on the list has ever tested or implemented a
marketing program that involved pre-scanning (wired or wireless) a prospect
and then sending a letter or email describing potential vulnerabilities and
offering assistance in closing these vulnerabilities.  I have never done
this because of the anticipated negative reaction, but I am curious as to
what the outcome was if anyone else has done it.  Single instances would be
interesting, but I am more curious if anyone has implemented this in a more
broad-based way and has positive and/or negative response rate statistics.

Bob Weiss
Password Crackers, Inc.


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

RE: Pre-Scanning for Marketing, (continued)
- RE: Pre-Scanning for Marketing Shenk, Jerry A (Jan 10)
- RE: Pre-Scanning for Marketing Ed Hudson (Jan 10)
  - RE: Pre-Scanning for Marketing Stonewall (Jan 11)
- RE: Pre-Scanning for Marketing Password Crackers, Inc. (Jan 10)
  - RE: Pre-Scanning for Marketing Wray, Donald W (Jan 11)
- RE: Pre-Scanning for Marketing David Ball (Jan 11)
  - Re: Pre-Scanning for Marketing Robin Wood (Jan 11)
- RE: Pre-Scanning for Marketing Rapaille Maxime (Jan 11)
  - Re: Pre-Scanning for Marketing Pete Herzog (Jan 11)
- RE: Pre-Scanning for Marketing Ron Yount (Jan 11)
- RE: Pre-Scanning for Marketing Maxim Kostioukov (Jan 12)
- RE: Pre-Scanning for Marketing Rapaille Maxime (Jan 12)
- RE: Pre-Scanning for Marketing Bergert, David (Jan 13)