Wrong Way To Do Penetration Testing - אליק לוין

אליק לוין

The World of a Consultant from Microsoft


Security pro pleads guilty to USC breach

"Security professional Eric McCarty pleaded guilty in United States District Court in Los Angeles on Tuesday, admitting that he intentionally exploited a flaw in the online student application Web site of the University of Southern California, federal prosecutors said."

"There is a right way to do penetration testing, and there is a wrong way," Zweiback said. "And Mr. McCarty's way was the wrong way, and hopefully this plea sends that message."

Comments

Boaz Galil wrote:

Well, I would like to know what's your opinion about that issue.
# December 29, 2006 3:34 PM

alikl wrote:

This post reflects my opinion. As long as one does not have the system owner's permission - preferably a written one - for performing a pen test, no one has the right to use the system in a way it is not supposed to be used. I do not believe some system would encourage its users to freely do pen testing backed by its terms of use.

On the other hand, if you are passionate about breaking the system, there are a couple of ways to satisfy your passion:

1. There is a lot of demand for ethical hackers - run the "Hacker" keyword on monster.com, for example

2. Use sample apps for that purpose from OWASP.org or foundstone.com

Cheers

 

# December 29, 2006 5:59 PM