J,

Our experience has been that the customer usually has someone from their IT staff on duty at the location while we are performing the test. We actually recommend this in the event that we take one of their critical / key servers or routers offline and it needs to be rebooted. It also helps out on the communication between us and the client, whose admin is usually a gearhead and interested in hacking / security at some level. Like you, we provide some time onsite with one of our engineers to go over the test with them and answer any questions that they might have. Ultimately it establishes a good line of communication with the client, potential repeat business, and a level of trust between all parties.

Ken

-----Original Message-----
From: Joe Klein [mailto:jskleinat_private]
Sent: Monday, June 18, 2001 11:00 PM
To: pen-testat_private
Subject: What is your policy on customers participating in a pen test?

All:

I am hearing customers request (and sometimes demand) that they be part of a pen test. Currently, we offer the customer 4 - 8 hours of time to review findings and show them what we did to access their systems. But we do this after the pen test is complete.

I was wondering how other companies deal with this issue?

J
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 21:12:33 PDT