Re: How to report a Vulnerability to a Company

From: James Matthews (nytrokiss@gmail.com)
Date: Tue Jan 08 2008 - 15:07:15 EST


There should be a form on the website to contact them! Use that!

On Jan 7, 2008 1:25 PM, Vikas Singhal <vikas.programmer@gmail.com> wrote:
> Hi all,
>
> Lets say I found a vulnerability in some company's website ( e.g SQL
> Injection ) and that vulnerability is crucial to the company. How do I
> ethically report it to the Company and have credit for that.
>
> Can I go and say "Hey! I found a vuln in your website with gives me
> the password back for any user" Or doing this kinda stuff is not
> ethical at all unless you make a SLA with the company before doing any
> your own pentest.
>
> Can somebody give me any pointer in this direction.
>
> Regards
> Vikas Singhal
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

-- 
http://search.goldwatches.com/?Search=Movado+Watches
http://www.jewelerslounge.com
http://www.goldwatches.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT