[WEB SECURITY] security audit - how to avoid legal prosecution [DEAD]

Jeremiah Grossman jeremiah at whitehatsec.com
Wed Jun 8 13:17:08 EDT 2005


Moderator Note:

Most of the new posts coming in on this thread are reiterating the same 
comments. Unless new on-topic material (web security) comes in on the 
subject, we're going to kill the thread.

Thank you.

Regards,

jeremiah-




On Wednesday, June 8, 2005, at 07:00  AM, Maxim Kostioukov wrote:

>
> Would someone advise on how to approach in sense of legal agreements 
> BEFORE doing any security research?
>
> For example, one is doing penetration tests on web apps without a 
> written agreement or even worse - without the other side to be aware 
> of the test, then informs the side about findings (not disclosure them 
> publicly).
>
> Any chance for legal prosecution to be fired in case if the other side 
> just would like to do this? I think it is possible... Any advice?
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list