From: Paul Robertson (compuwar@gmail.com)
Date: Mon Mar 05 2007 - 11:00:32 EST
Legality changes based on jurisdiction. Ethics shouldn't. Ethically
the line is "Do you have permission?" From a risk perspecitve, that
should be modified to be "Do you have written permission?" From a
business perspective "and insurance?" should be appended.
Paul
On 3/1/07, Barry Fawthrop <barry@ttienterprises.org> wrote:
> Hi All
>
> Curious to hear other views, where does the legal and illegal line stand
> in doing a pen test on a third party company?
> Does it start at the IP Address/Port Scanning Stage or after say once
> access is gained?? very vague I know
>
>
> I'm also curious to hear from other external/3rd party pen-test
> consultants, how they have managed to solve the problem
> Where they approach a client who is convinced they have security, and
> yet there is classic signs that they don't?
> You know that if you did a simple pen-test you would have the evidence
> to prove your point all would be mute
>
> But from my current point that would be illegal, even if no access was
> gained. (maybe I'm wrong) ??
>
> Perhaps this is just a problem here where I am or perhaps it exists
> elsewhere also?
>
> I look forward to your input
>
> Barry
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
-- fora.compuwar.net ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:38 EDT