2 options:
1. Offer to do a free lightweight pen test for the company. They might
engage you for free and when you have something you can convince them
to hire you for a more comprehensive paid pen test.
2. Use Google and other resources to indirectly find issues with the
network/website under question and show it to them. IANAL but I do not
think this would be illegal. Maybe others can comments on this...
Regards,
Varun V Nair
On 05/03/07, Philosophil <flosofl@gmail.com> wrote:
I'd say it's pretty straight forward:
Legal = you or your company is hired and has a contract with very
specific language detailing what is to be tested
Illegal = you perform an unsolicited pen-test in order to drum up
business. Or even to be a "good citizen"
Basically, CYA and only do testing you have been hired to do. Do no
more than that, or be willing to face potential legal nightmare.
Just my 2 cents.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|