Penetration Testing mailing list archives

Re: The legal / illegal line?


From: Philosophil <flosofl () gmail com>
Date: Sun, 4 Mar 2007 20:07:06 -0600

I'd say it's pretty straightforward:

Legal = you or your company is hired and has a contract with very
specific language detailing what is to be tested

Illegal = you perform an unsolicited pen-test in order to drum up
business.  Or even to be a "good citizen"

Basically, CYA and only do testing you have been hired to do.  Do no
more than that, or be willing to face a potential legal nightmare.

Just my 2 cents.

On 3/1/07, Barry Fawthrop <barry () ttienterprises org> wrote:
Hi All

Curious to hear other views, where does the legal and illegal line stand
in doing a pen test on a third party company?
Does it start at the IP Address/Port Scanning Stage or after say once
access is gained?? very vague I know


I'm also curious to hear from other external/3rd party pen-test
consultants, how they have managed to solve the problem
Where they approach a client who is convinced they have security, and
yet there are classic signs that they don't?
You know that if you did a simple pen-test you would have the evidence
to prove your point all would be moot

But from my current point that would be illegal, even if no access was
gained. (maybe I'm wrong) ??

Perhaps this is just a problem here where I am or perhaps it exists
elsewhere also?

I look forward to your input

Barry


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


