Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Volunteer pen testing

from [Matt Bellizzi] Network Security [Permanent Link]
Subject: Re: Volunteer pen testing
Date: Wed, 15 Dec 2004 11:20:32 -0800
Thanks for responding everyone. Well it looks like there are two camps here. The first group mostly objects to the liability to me. The second thinks it's a good idea. It looks like I should seek some legal advice. Luckily my company offers that as a benefit. Or I'm sure I could probably find a lawyer to do it pro-bono. Looks like I'll need a NDA for me, a letter of intent and a agree to hold harmless for my client. If someone out there has some boiler plate examples of these I would love to see em. A couple of other issues were also brought to my attention. Like What is the scope of the pen test? Also what happens after the pen-test? And finally who to call if I DOS something. Off the top of my head. The scope of the pen-test is Dependant on the client's network. The actions after the pentest depends on if they staff or not. As for crashing machines....I'm thinking that before even attempting to test I would have to meet with the whomever they have on staff and co-ordinate off times for testing and contact numbers. I would also not run actually dos exploits. This might not be considered a pen-test but, I still think it might be useful and/or fun.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  pwdump 2 & 3, Guillaume Lavoix
Next by Date:  RE: Password Audit tools, Cotter, Joe
Previous by Thread:  Re: Volunteer pen testing, L. Walker
Next by Thread:  Re: Volunteer pen testing, Travis Good
Indexes:  [Date] [Thread] [Top] [All Lists]