Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The legal / illegal line?

From: "Varun Nair" <varun () xt1237 com>
Date: Sat, 24 Mar 2007 23:44:54 +0530
2 options:

1. Offer to do a free lightweight pen test for the company. They might
engage you for free and when you have something you can convince them
to hire you for a more comprehensive paid pen test.

2. Use Google and other resources to indirectly find issues with the
network/website under question and show it to them. IANAL but I do not
think this would be illegal. Maybe others can comments on this...

Regards,
Varun V Nair

On 05/03/07, Philosophil <flosofl () gmail com> wrote:

I'd say it's pretty straight forward:

Legal = you or your company is hired and has a contract with very
specific language detailing what is to be tested

Illegal = you perform an unsolicited pen-test in order to drum up
business.  Or even to be a "good citizen"

Basically, CYA and only do testing you have been hired to do.  Do no
more than that, or be willing to face potential legal nightmare.

Just my 2 cents.



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: