Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Volunteer pen testing

from [Richard Rager] Network Security [Permanent Link]
Subject: Re: Volunteer pen testing
Date: Tue, 14 Dec 2004 23:03:45 -0600 (CST) 

On Tue, 14 Dec 2004, Matt Bellizzi wrote:


Just wanted to bounce an idea off on this list.   Lately I've been 
thinking of doing some charity work.   However I generally avoid 
physical labor.  The idea has entered my brain to provide pen 
testing/security audit services to non profits.    I am by no means a 
pet test expert.   Although I do have  solid networking/security skills 
(I'm a QA engineer for IPSec VPNs and firewalls).  Obviously for a non 
profit to be eligible they would either need a constant-on connection or 
a co-located host.  Just thought it would be a fun way to learn more 
about pen testing, help the community and helping organizations that are 
generally straped for cash.




   I really hate to say this.  Get a lawyer.  This is the reasons.

   You need to define what you will test.

      What types of test will you do.
      What Systems you will test. 
        IE Routers, Web Servers, Mail server
        IDS?
     

   What will hapen if you do any harm?

     I have done pen testing and was trying to get there IDS mad at me.  
     The web server die.  Who do you call?

     Get out of jail free card is good to have here.

     Limit your liablities.

  What will you do with the information that you collect?

     Who will you give it too?

     How long with you keep the information?

  
  Stay away with anything close to GLB or HIPPA

   It really a can of worms.


  Just let me say.  It nice idea, please remember no good deed goes 
unpunished.


Enjoy,

Richard Rager
penguinman.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Respuesta: Penetration Testing Methodologies, rzaluski
Next by Date:  gomma pane v0.1, inode
Previous by Thread:  RE: Volunteer pen testing, Chuck Fullerton
Next by Thread:  RE: Volunteer pen testing, Lachniet, Mark
Indexes:  [Date] [Thread] [Top] [All Lists]