RE: Informing Companies about security vulnerabilities...

From: Krpata, Tyler (tkrpata@bjs.com)
Date: Wed Oct 04 2006 - 16:13:28 EDT


"On the count of entering an apostrophe into the Search box on the
plaintiff's web site, how do you plead?"

...doubtful.

-----Original Message-----
From: bugtraq@cgisecurity.net [mailto:bugtraq@cgisecurity.net]
Sent: Wednesday, October 04, 2006 3:15 PM
To: joe@learnsecurityonline.com; pen-test@securityfocus.com
Cc: bugtraq@securityfocus.com
Subject: RE: Informing Companies about security vulnerabilities...

So you are admitting publicly that you and a class of students that you
teach are illegally testing random public
websites for the purpose of learning about security vulnerabilities?
Sounds like you/your company need to speak
with a lawyer.

- Robert
http://www.cgisecurity.com/ Application Security news and more
http://www.cgisecurity.com/index.rss [RSS Security Feed]

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Joseph McCray
Sent: Wednesday, October 04, 2006 3:07 AM
To: pen-test@securityfocus.com
Subject: Informing Companies about security vulnerabilities...

This probably won't sound like that big of a deal, but it still bothered
me so I figured I'd ask the list. I was teaching a Web Application
Security class last week and we were performing simple XXS, SQL
Injection, etc on the vulnerable web apps I use for class.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:05 EDT