[Owasp-leaders] OWASP Consumer Reports Project
daniel.cuthbert at owasp.org
Tue Apr 13 02:36:43 EDT 2010
How did I know I'd be used as a reference? :0)
In the UK, this is a grey area, anyone who does anything on a site that
doesn't have specific authorisation from the owner is breaking the law.
Generate a 404?, break the law. Change a field and cause a business logic
error?, breaking the law!
On 12 April 2010 15:40, Rogan Dawes <rogan at dawes.za.net> wrote:
> On 2010/04/12 3:16 PM, McGovern, James F. (P+C Technology) wrote:
> > Criteria would include things like knowing they are running
> > the latest patch version of web server software, dns zone transfer,
> > basic input validation and other things that are observable as a smart
> > security consumer. At no time, would we scan a site without permission.
> > Thoughts?
> How do you intend to test "basic input validation" without scanning the
> Ask Dan about how little you need to do to be considered to be hacking.
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders