Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] Ethics Scenario
From: "Christopher M. Bergeron" <ChrisB () HGSS COM>
Date: Mon, 2 Oct 2000 13:43:43 -0400
Here's a scenario that I'd like to get peoples' input on:

A) Our company does pen-tests, security auditing etc...
B) Our team finds a vulnerability/hole on a website just by poking around / using the site.

The question is this:
Do we tell the website company who we are and that we have discovered a vulnerability and then offer to provide them 
assistance with the vulnerability (for pay of course).  i.e. offering them a full pen-test or an IDS or something...?


Or does this tend to fall into the "chasing ambulances" type of business marketing strategy?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]