On Sun, 20 May 2001, Franklin DeMatto wrote: :Anyone know how to handle the legal/bueracratic aspects of pen-testing a web server which is not in-house, but property of a hosting company?? : :Any real-world advice, forms, paperwork, or legal info. would be appreciated. Have your client inform their vendor that they require a third party of their choosing to evaluate the security of their own networks and digital assets. The vendor may give some pushback, but you can give them assurances that no interruption of service will occur, give them a 24/7 number to reach the testing staff at, and make sure your client states that it is a part of their security policy to require this testing on all internal, and vendor supplied equipment. "Requirement" meaning, "in order to do business with". I think the vendor should be accomodating. -- batz Reluctant Ninja Defective Technologies
This archive was generated by hypermail 2b30 : Tue May 22 2001 - 16:26:29 PDT