How to go about looking for a pen-tester

From: Ershad Shafi Chowdhury (iru@bol-online.com)
Date: Sun Jun 03 2001 - 04:40:27 PDT


    Dear all,
    
    I have been reading with interest this list for a few weeks. Is there
    anything special that a customer should look for when choosing a pen tester?
    e.g., are there any certifications, associations, or government agencies that
    guarantee the pen-tester won't use the information learned to harm the
    network? Should the customer specify what is allowed and what is not
    allowed, or give the pen-tester a free hand to do his work? How about
    international agreements? Are there any websites recommending and rating
    pen-testers? Basically, what should a client do to protect himself when asking
    a pen-tester to break in to his network?
    
    Thanks for your answers and apologies in advance if this is entirely
    unsuitable for the list. I am only asking because I have not seen this
    discussed, so I am a bit unsure as to how appropriate the question is.
    
    Regards,
    Ershad.
    



    This archive was generated by hypermail 2b30 : Sun Jun 03 2001 - 10:09:39 PDT