Re: Insurance

From: Tom (tom@digitaloffense.net)
Date: Wed Nov 27 2002 - 15:52:30 EST


On Tuesday 26 November 2002 13:23, SDuffy@NCIINC.com wrote:
> I would say first cover yourself with loads of permissions! Make
> sure you have a point of contact that knows what you are doing from
> the company your testing.

The only other thing I would add to this that has not already been stated is
that if your client is hosting mail or web services off-site, you'll need to
make sure that you get authorization from the off-site provider as well.

There are a number of hosting providers and ISP's that will only allow testing
with their consent, and only then if the server is dedicated to the one
client and not shared with any others.

Don't just assume that if your principle client gives you permission to test
that you have carte blanche to test anything that that has their name on it.

Tom

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT