Wrong Way To Do Penetration Testing

December 29, 2006


Security pro pleads guilty to USC breach

"Security professional Eric McCarty pleaded guilty in United States District Court in Los Angeles on Tuesday, admitting that he intentionally exploited a flaw in the online student application Web site of the University of Southern California, federal prosecutors said."

"There is a right way to do penetration testing, and there is a wrong way," Zweiback said. "And Mr. McCarty's way was the wrong way, and hopefully this plea sends that message."


2 comments

  1. Boaz Galil, December 29, 2006 at 15:34

    Well, I would like to know what's your opinion about that issue.

  2. alikl, December 29, 2006 at 17:59

    This post reflects my opinion. As long as one does not have the system owner's permission – preferably a written one – for performing a pen test, no one has the right to use the system in a way it is not supposed to be used. I do not believe any system would encourage its users to freely do pen testing backed by its terms of use.

    On the other hand, if you are passionate about breaking the system, there are a couple of ways to satisfy your passion:

    1. There is a lot of demand for ethical hackers – run the "Hacker" keyword on monster.com, for example

    2. Use sample apps for that purpose from OWASP.org or foundstone.com