[Owasp-leaders] OWASP Consumer Reports Project

daniel cuthbert daniel.cuthbert at owasp.org
Tue Apr 13 02:36:43 EDT 2010


How did I know I'd be used as a reference? :0)

In the UK, this is a grey area: anyone who does anything on a site that
doesn't have specific authorisation from the owner is breaking the law.
Generate a 404? Break the law. Change a field and cause a business logic
error? Breaking the law!

On 12 April 2010 15:40, Rogan Dawes <rogan at dawes.za.net> wrote:

> On 2010/04/12 3:16 PM, McGovern, James F. (P+C Technology) wrote:
>
> > Criteria would include things like knowing they are running
> > the latest patch version of web server software, dns zone transfer,
> > basic input validation and other things that are observable as a smart
> > security consumer. At no time would we scan a site without permission.
> >
> > Thoughts?
>
> How do you intend to test "basic input validation" without scanning the
> site?
>
> Ask Dan about how little you need to do to be considered to be hacking.
>
> Rogan