Penetration Testing mailing list archives
Pentes to third party asset
From: Fernando Yong <yong.fernando () gmail com>
Date: Thu, 23 Sep 2010 19:02:50 -0500
Hello list Any experience when pentest third party web app? My customer needs to execute a pentest to the new acquisition (a web app for inner management). But, this app doesn't belong to them, they just have the software license. According to its vendor, and as I can see, there is an email where the vender has authorized to pentest this web app. Ideally, you know, any pentester would prefer a formal letter between the vendor and customers in order to legally protect yoursellf as a pentester, but it is quite difficult in the real world. You just have an "email". Please, share experience or advice with me (legal and other repercutions) Best regards, fernando ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Pentes to third party asset Fernando Yong (Sep 28)