[WEB SECURITY] security audit - how to avoid legal prosecution

Maxim Kostioukov maxim at francoudi.com
Wed Jun 8 10:00:36 EDT 2005

Would someone advise on how to approach in sense of legal agreements BEFORE doing any security research?

For example, one is doing penetration tests on web apps without a written agreement or even worse - without the other side to be aware of the test, then informs the side about findings (not disclosure them publicly). 

Any chance for legal prosecution to be fired in case if the other side just would like to do this? I think it is possible... Any advice?

The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list