Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Insurance
From: Tom <tom () digitaloffense net>
Date: Wed, 27 Nov 2002 14:52:30 -0600

On Tuesday 26 November 2002 13:23, SDuffy () NCIINC com wrote:
I would say first cover yourself with loads of permissions!  Make
sure you have a point of contact that knows what you are doing from
the company your testing.

The only other thing I would add to this that has not already been stated is 
that if your client is hosting mail or web services off-site, you'll need to 
make sure that you get authorization from the off-site provider as well.

There are a number of hosting providers and ISP's that will only allow testing 
with their consent, and only then if the server is dedicated to the one 
client and not shared with any others.

Don't just assume that if your principle client gives you permission to test 
that you have carte blanche to test anything that that has their name on it.


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]