Home page logo

pen-test logo Penetration Testing mailing list archives

Pentes to third party asset
From: Fernando Yong <yong.fernando () gmail com>
Date: Thu, 23 Sep 2010 19:02:50 -0500

Hello list

Any experience when pentest third party web app?

My customer needs to execute a pentest to the new acquisition (a web
app for inner management). But, this app doesn't belong to them, they
just have the software license.

According to its vendor, and as I can see, there is an email where the
vender has authorized to pentest this web app.

Ideally, you know, any pentester would prefer a formal letter between
the vendor and customers in order to legally protect yoursellf as a
pentester, but it is quite difficult in the real world. You just have
an "email".

Please, share experience or advice with me (legal and other repercutions)

Best regards,


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 


  By Date           By Thread  

Current thread:
  • Pentes to third party asset Fernando Yong (Sep 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]