RE: Volunteer pen testing

From: Chuck Fullerton (chuckf69@ceinetworks.com)
Date: Tue Dec 14 2004 - 21:53:05 EST


Matt,

Just an FYI. Just because your not getting paid doesn't mean you shouldn't
have a contract and NDA. These protect YOU as much as the Client. Make
sure you go through the proper contracting and scope setting steps to ensure
it as legit. Remember, you need your "Get out of jail free" card..

Chuck F.

-----Original Message-----
From: Matt Bellizzi [mailto:matt.bellizzi@nokia.com]
Sent: Tuesday, December 14, 2004 5:05 PM
To: pen-test@securityfocus.com
Subject: Volunteer pen testing

Hey folks

Just wanted to bounce an idea off on this list. Lately I've been
thinking of doing some charity work. However I generally avoid
physical labor. The idea has entered my brain to provide pen
testing/security audit services to non profits. I am by no means a
pet test expert. Although I do have solid networking/security skills
(I'm a QA engineer for IPSec VPNs and firewalls). Obviously for a non
profit to be eligible they would either need a constant-on connection or
a co-located host. Just thought it would be a fun way to learn more
about pen testing, help the community and helping organizations that are
generally straped for cash.



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:11 EDT