Penetration Testing mailing list archives
Re: Volunteer pen testing
From: Matt Bellizzi <matt.bellizzi () nokia com>
Date: Wed, 15 Dec 2004 11:20:32 -0800
Thanks for responding, everyone. Well, it looks like there are two camps here. The first group mostly objects to the liability to me. The second thinks it's a good idea. It looks like I should seek some legal advice. Luckily my company offers that as a benefit. Or I'm sure I could probably find a lawyer to do it pro bono. Looks like I'll need an NDA for me, a letter of intent and an agreement to hold harmless for my client. If someone out there has some boilerplate examples of these I would love to see 'em.

A couple of other issues were also brought to my attention. Like what is the scope of the pen test? Also, what happens after the pen-test? And finally, who to call if I DoS something.

Off the top of my head: the scope of the pen-test is dependent on the client's network. The actions after the pentest depend on if they staff or not. As for crashing machines... I'm thinking that before even attempting to test I would have to meet with whomever they have on staff and co-ordinate off times for testing and contact numbers. I would also not run actual DoS exploits. This might not be considered a pen-test, but I still think it might be useful and/or fun.