Re: The legal / illegal line?

From: Paul Robertson (compuwar@gmail.com)
Date: Mon Mar 05 2007 - 11:00:32 EST

• Next message: WALI: "Proof of concept - Segregation of developers"
• Previous message: David Swafford: "Re: The legal / illegal line?"
• In reply to: Barry Fawthrop: "The legal / illegal line?"
• Next in thread: Justin Ross: "Re: The legal / illegal line?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Legality changes based on jurisdiction. Ethics shouldn't. Ethically
the line is "Do you have permission?" From a risk perspecitve, that
should be modified to be "Do you have written permission?" From a
business perspective "and insurance?" should be appended.

Paul

On 3/1/07, Barry Fawthrop <barry@ttienterprises.org> wrote:
> Hi All
>
> Curious to hear other views, where does the legal and illegal line stand
> in doing a pen test on a third party company?
> Does it start at the IP Address/Port Scanning Stage or after say once
> access is gained?? very vague I know
>
>
> I'm also curious to hear from other external/3rd party pen-test
> consultants, how they have managed to solve the problem
> Where they approach a client who is convinced they have security, and
> yet there is classic signs that they don't?
> You know that if you did a simple pen-test you would have the evidence
> to prove your point all would be mute
>
> But from my current point that would be illegal, even if no access was
> gained. (maybe I'm wrong) ??
>
> Perhaps this is just a problem here where I am or perhaps it exists
> elsewhere also?
>
> I look forward to your input
>
> Barry
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>

-- 
fora.compuwar.net
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: WALI: "Proof of concept - Segregation of developers"
• Previous message: David Swafford: "Re: The legal / illegal line?"
• In reply to: Barry Fawthrop: "The legal / illegal line?"
• Next in thread: Justin Ross: "Re: The legal / illegal line?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:38 EDT