Penetration Testing mailing list archives
Re: Insurance
From: Tom <tom () digitaloffense net>
Date: Wed, 27 Nov 2002 14:52:30 -0600
On Tuesday 26 November 2002 13:23, SDuffy () NCIINC com wrote:
I would say first cover yourself with loads of permissions! Make sure you have a point of contact that knows what you are doing from the company your testing.
The only other thing I would add to this that has not already been stated is that if your client is hosting mail or web services off-site, you'll need to make sure that you get authorization from the off-site provider as well. There are a number of hosting providers and ISP's that will only allow testing with their consent, and only then if the server is dedicated to the one client and not shared with any others. Don't just assume that if your principle client gives you permission to test that you have carte blanche to test anything that that has their name on it. Tom ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Insurance Lisa Dokes (Nov 26)
- Re: Insurance David Wray (Nov 27)
- Re: Insurance mis (Nov 27)
- <Possible follow-ups>
- Insurance Parisi, Robert (Nov 26)
- RE: Insurance SDuffy (Nov 26)
- Re: Insurance Tom (Nov 27)
- Re: Insurance Howard518 (Nov 28)
- Re: Insurance David Wray (Nov 27)