RE: Volunteer pen testing

["Chuck Fullerton" <chuckf69 () ceinetworks com>]

Matt,

Just an FYI.  Just because your not getting paid doesn't mean you shouldn't
have a contract and NDA.  These protect YOU as much as the Client.  Make
sure you go through the proper contracting and scope setting steps to ensure
it as legit.  Remember, you need your "Get out of jail free" card..

Chuck F.

-----Original Message-----
From: Matt Bellizzi [mailto:matt.bellizzi () nokia com]
Sent: Tuesday, December 14, 2004 5:05 PM
To: pen-test () securityfocus com
Subject: Volunteer pen testing


Hey folks

Just wanted to bounce an idea off on this list.   Lately I've been
thinking of doing some charity work.   However I generally avoid
physical labor.  The idea has entered my brain to provide pen
testing/security audit services to non profits.    I am by no means a
pet test expert.   Although I do have  solid networking/security skills
(I'm a QA engineer for IPSec VPNs and firewalls).  Obviously for a non
profit to be eligible they would either need a constant-on connection or
a co-located host.  Just thought it would be a fun way to learn more
about pen testing, help the community and helping organizations that are
generally straped for cash.