[WEB SECURITY] security audit - how to avoid legal prosecution

Maxim Kostioukov maxim at francoudi.com
Wed Jun 8 14:38:21 EDT 2005


No, that is not the case; it is rather the opposite. But to answer your question, I would say legal action is possible simply because of the fact itself (a security breach without permission).

	-----Original Message----- 
	From: Will Jefferies [mailto:wjefferies at fncinc.com] 
	Sent: Wed 6/8/2005 5:23 PM 
	To: websecurity at webappsec.org 
	Cc: 
	Subject: RE: [WEB SECURITY] security audit - how to avoid legal prosecution
	
	

	Let me get this straight.  You're wanting to know if you can take legal action against someone who is performing a pen test against your systems without permission (or your knowledge)?
	
	Will
	
	-----Original Message-----
	From: Maxim Kostioukov [mailto:maxim at francoudi.com]
	Sent: Wednesday, June 08, 2005 9:01 AM
	To: webappsec at securityfocus.com; websecurity at webappsec.org
	Subject: [WEB SECURITY] security audit - how to avoid legal prosecution
	
	
	Would someone advise on how to approach legal agreements BEFORE doing any security research?
	
	For example, one is doing penetration tests on web apps without a written agreement or, even worse, without the other side being aware of the test, and then informs that side about the findings (not disclosing them publicly).
	
	Is there any chance of legal prosecution being initiated if the other side simply wishes to do so? I think it is possible... Any advice?
	
	---------------------------------------------------------------------
	The Web Security Mailing List
	http://www.webappsec.org/lists/websecurity/
	
	The Web Security Mailing List Archives
	http://www.webappsec.org/lists/websecurity/archive/
	
	
	
	


