Penetration Testing mailing list archives

Re: The legal / illegal line?
From: "Varun Nair" <varun () xt1237 com>
Date: Sat, 24 Mar 2007 23:44:54 +0530

2 options:

1. Offer to do a free lightweight pen test for the company. They might
engage you for free and when you have something you can convince them
to hire you for a more comprehensive paid pen test.

2. Use Google and other resources to indirectly find issues with the
network/website under question and show it to them. IANAL but I do not
think this would be illegal. Maybe others can comment on this...

Varun V Nair

On 05/03/07, Philosophil <flosofl () gmail com> wrote:
I'd say it's pretty straightforward:

Legal = you or your company is hired and has a contract with very
specific language detailing what is to be tested

Illegal = you perform an unsolicited pen-test in order to drum up
business.  Or even to be a "good citizen"

Basically, CYA and only do testing you have been hired to do.  Do no
more than that, or be willing to face a potential legal nightmare.

Just my 2 cents.
