[WEB SECURITY] security audit - how to avoid legal prosecution

Will Jefferies wjefferies at fncinc.com
Wed Jun 8 10:23:20 EDT 2005


Let me get this straight.  You're wanting to know if you can take legal action against someone who is performing a pen test against your systems without permission (or your knowledge)? 

Will

-----Original Message-----
From: Maxim Kostioukov [mailto:maxim at francoudi.com] 
Sent: Wednesday, June 08, 2005 9:01 AM
To: webappsec at securityfocus.com; websecurity at webappsec.org
Subject: [WEB SECURITY] security audit - how to avoid legal prosecution


Would someone advise on how to approach this, in the sense of legal agreements, BEFORE doing any security research?

For example, one is doing penetration tests on web apps without a written agreement or, even worse, without the other side being aware of the test, then informs the other side about the findings (not disclosing them publicly).

Is there any chance of legal prosecution being initiated if the other side would just like to do this? I think it is possible... Any advice?

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/






