Penetration Testing mailing list archives
Pen Test--France and Belgium
From: Michael Daveler <mdaveler () yahoo com>
Date: Mon, 7 Dec 2009 13:31:12 -0800 (PST)
Hi List:
We are a USA security company and have been asked by our client to perform a two-phase project of the client's
third-party vendors/suppliers located in France and Belgium. Phase one will be a vuln scan, and Phase two will be a
penetration test. Both phases will have scans/pen tests originating across the Internet.
We will be securing the appropriate contracts/agreements/etc. with client, client's third-party vendors, consent forms
from third-party vendor's ISP's (to allow scans through their networks to third-party vendor, etc.). And most
importantly, will have all contract/agreement work done by legal counsel well-versed in this type of work, and
knowledgeable of laws in France and Belgium.
In the interim, for the initial fact-finding, looking to see if anyone has put together any checklists, guidance
documents or has feedback on things you should/should NOT do while doing scans/pen tests against entities in France and
Belgium, what specific laws can be referenced/reviewed, etc.
As an example, I have heard that if doing pen tests of entities in France, you need to follow their crypto laws; had to
have lawyers approve the crypto algorithms used for setting up encrypted connections going to and from the country; and
some other algorithms required registration with the government to use, etc.
So any and all details are much appreciated. If appropriate, once I have collected all feedback, I can prepare a
summary and post back to the list.
Thanks in advance,
--Mike
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- Pen Test--France and Belgium Michael Daveler (Dec 08)
- Re: Pen Test--France and Belgium Stefan (Dec 08)
- Re: Pen Test--France and Belgium Koen Bossaert (Dec 15)