Pen testing a off-site web server

From: Franklin DeMatto (franklinat_private)
Date: Sun May 20 2001 - 16:41:45 PDT

Next message: Franklin DeMatto: "Discovering hosts behind NAT"

Previous message: Jim Duncan: "Re: word lists"
Reply: Meritt James: "Re: Pen testing a off-site web server"
Reply: batz: "Re: Pen testing a off-site web server"
Reply: Graham, Randy (RAW) : "RE: Pen testing a off-site web server"
Reply: Spencer, Ed M. -ND: "RE: Pen testing a off-site web server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anyone know how to handle the legal/bueracratic aspects of pen-testing a web server which is not in-house, but property of a hosting company??

The hosting company may not take lightly to suggestions that it may be vulnerable, and may be afraid of damage caused by a test.  Worse, if the server is not dedicated, but rather uses virtual hosts, other clients could be affected by the testing.

Any real-world advice, forms, paperwork, or legal info. would be appreciated.

Franklin DeMatto
franklinat_private
qDefense - DEFENDING THE ELECTRONIC FRONTIER

Next message: Franklin DeMatto: "Discovering hosts behind NAT"
Previous message: Jim Duncan: "Re: word lists"
Reply: Meritt James: "Re: Pen testing a off-site web server"
Reply: batz: "Re: Pen testing a off-site web server"
Reply: Graham, Randy (RAW) : "RE: Pen testing a off-site web server"
Reply: Spencer, Ed M. -ND: "RE: Pen testing a off-site web server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 22 2001 - 08:03:40 PDT