Home page logo
/

pen-test logo Penetration Testing mailing list archives

Pentes to third party asset
From: Fernando Yong <yong.fernando () gmail com>
Date: Thu, 23 Sep 2010 19:02:50 -0500

Hello list

Any experience when pentest third party web app?

My customer needs to execute a pentest to the new acquisition (a web
app for inner management). But, this app doesn't belong to them, they
just have the software license.

According to its vendor, and as I can see, there is an email where the
vender has authorized to pentest this web app.

Ideally, you know, any pentester would prefer a formal letter between
the vendor and customers in order to legally protect yoursellf as a
pentester, but it is quite difficult in the real world. You just have
an "email".

Please, share experience or advice with me (legal and other repercutions)

Best regards,

fernando

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Pentes to third party asset Fernando Yong (Sep 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault