Penetration Testing mailing list archives
RE: The legal / illegal line?
From: "Craig Wright" <cwright () bdosyd com au>
Date: Wed, 28 Mar 2007 10:55:14 +1000
Of course if you do a "free" test you have no consideration. No consideration means that there is no contract. No contract means that you have liability and little cover in most jurisdictions. I.e., something goes wrong, you are up a certain creek with no paddle.

Craig

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Varun Nair
Sent: Sunday, 25 March 2007 4:15 AM
To: Philosophil
Cc: pen-test () securityfocus com
Subject: Re: The legal / illegal line?

2 options:

1. Offer to do a free lightweight pen test for the company. They might engage you for free and when you have something you can convince them to hire you for a more comprehensive paid pen test.

2. Use Google and other resources to indirectly find issues with the network/website under question and show it to them. IANAL but I do not think this would be illegal.

Maybe others can comment on this...

Regards,
Varun V Nair

On 05/03/07, Philosophil <flosofl () gmail com> wrote:

> I'd say it's pretty straightforward:
>
> Legal = you or your company is hired and has a contract with very specific language detailing what is to be tested
>
> Illegal = you perform an unsolicited pen-test in order to drum up business. Or even to be a "good citizen"
>
> Basically, CYA and only do testing you have been hired to do. Do no more than that, or be willing to face potential legal nightmare.
>
> Just my 2 cents.