Home page logo

pen-test logo Penetration Testing mailing list archives

How to report a Vulnerability to a Company
From: "Vikas Singhal" <vikas.programmer () gmail com>
Date: Mon, 7 Jan 2008 17:55:07 +0530

Hi all,

Lets say I found a vulnerability in some company's website ( e.g SQL
Injection ) and that vulnerability is crucial to the company. How do I
ethically report it to the Company and have credit for that.

Can I go and say "Hey! I found a vuln in your website with gives me
the password back for any user" Or doing this kinda stuff is not
ethical at all unless you make a SLA with the company before doing any
your own pentest.

Can somebody give me any pointer in this direction.

Vikas Singhal

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]