Penetration Testing: Re: Pen testing a off-site web server

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Pen testing a off-site web server

From: batz <batsy () vapour net>
Date: Tue, 22 May 2001 06:22:14 -0400 (EDT)

On Sun, 20 May 2001, Franklin DeMatto wrote:

:Anyone know how to handle the legal/bueracratic aspects of pen-testing a web server which is not in-house, but 
property of a hosting company??
:
:Any real-world advice, forms, paperwork, or legal info. would be appreciated.

Have your client inform their vendor that they require a third party of their
choosing to evaluate the security of their own networks and digital assets. 
The vendor may give some pushback, but you can give them assurances that 
no interruption of service will occur, give them a 24/7 number to reach 
the testing staff at, and make sure your client states that it is a part 
of their security policy to require this testing on all internal, and vendor
supplied equipment. "Requirement" meaning, "in order to do business with".

I think the vendor should be accomodating. 


--
batz
Reluctant Ninja
Defective Technologies

By Date By Thread

Current thread:

Pen testing a off-site web server Franklin DeMatto (May 22)
- Re: Pen testing a off-site web server Meritt James (May 22)
- Re: Pen testing a off-site web server batz (May 22)
  - RE: Pen testing a off-site web server Jim Huddleston (May 23)
    - RE: Pen testing a off-site web server Mike Forrester (May 31)
- <Possible follow-ups>
- RE: Pen testing a off-site web server Graham, Randy (RAW) (May 22)