Re: Volunteer pen testing

["L. Walker" <lwalker () magi net au>]

On Tue, 2004-12-14 at 14:04 -0800, Matt Bellizzi wrote:
> Hey folks
>
> Just wanted to bounce an idea off on this list.   Lately I've been 
> thinking of doing some charity work.   However I generally avoid 
> physical labor.  The idea has entered my brain to provide pen 
> testing/security audit services to non profits.    I am by no means a 
> pet test expert.   Although I do have  solid networking/security skills 
> (I'm a QA engineer for IPSec VPNs and firewalls).  Obviously for a non 
> profit to be eligible they would either need a constant-on connection or 
> a co-located host.  Just thought it would be a fun way to learn more 
> about pen testing, help the community and helping organizations that are 
> generally straped for cash.

Noble idea... however one way would be to pentest existing open source
applications off the Internet, setup your own simple lab using a spare
machine (or vmware).

You may encounter some resistance, as someone offering free pen testing
seems too good to be true, so offer non disclosure agreements, etc. if
they start to get worried about the whole idea.

--
L. Walker
Administrator / Consultant