Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Penetration Testing Scheduling

From: Yousif () Vapt-Sec com
Date: 29 Apr 2008 07:58:51 -0000
I appreciate everyones commentary on what I've questioned, but I don't think anyones providing a definite answer. If 
it's up the client, then that's done with, it's clearly going to be what they want, not a problem. What if they don't 
take you up on that and you are the decision maker. I'm getting worthless comments from people telling me that I should 
always have permission before security testing, but keep in mind that everyone knows that, commentary like that is just 
useless. Now, to focus on the question, let's say both parties agree to fulfill the security testing, and the contracts 
have been signed, and the setup in general has been completed. To go on with your testing, do you let them know exactly 
a date/time O R do you simply let them know it's a week from now.. I'm clarifying this because it seems like a lot of 
people are giving options, and that's always good to have a choice, but I'm looking more for the "right" thing to do..

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: