Penetration Testing mailing list archives
How to report a Vulnerability to a Company
From: "Vikas Singhal" <vikas.programmer () gmail com>
Date: Mon, 7 Jan 2008 17:55:07 +0530
Hi all, Lets say I found a vulnerability in some company's website ( e.g SQL Injection ) and that vulnerability is crucial to the company. How do I ethically report it to the Company and have credit for that. Can I go and say "Hey! I found a vuln in your website with gives me the password back for any user" Or doing this kinda stuff is not ethical at all unless you make a SLA with the company before doing any your own pentest. Can somebody give me any pointer in this direction. Regards Vikas Singhal ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- How to report a Vulnerability to a Company Vikas Singhal (Jan 08)
- RE: How to report a Vulnerability to a Company benoni.martin (Jan 09)
- RE: How to report a Vulnerability to a Company Paul Melson (Jan 09)
- RE: How to report a Vulnerability to a Company Thor (Hammer of God) (Jan 09)
- RE: How to report a Vulnerability to a Company Barry Greene (bgreene) (Jan 09)
- Re: How to report a Vulnerability to a Company James Matthews (Jan 09)
- RE: How to report a Vulnerability to a Company Password Crackers, Inc. (Jan 09)
- <Possible follow-ups>
- Re: How to report a Vulnerability to a Company firesidepeavey (Jan 09)
- RE: How to report a Vulnerability to a Company Boaz Shunami (Jan 09)
- Re: How to report a Vulnerability to a Company Ed Telecommuter (Jan 10)
- Re: How to report a Vulnerability to a Company krymson (Jan 10)
(Thread continues...)