Vent: When a friend asked me to test their website's security without permission

A buddy wanted me to poke around his company's site to find holes. I told him that's not right unless you have clear permission. Always get written okay before any security checks.

3 comments

3 Comments

the_jason2mo ago

Absolutely, you need that permission first.

butler.iris2mo ago

Not always true. If you wait for permission, you might miss the chance (happens more than you'd think).

bettyperry1mo ago

About the point that waiting for permission might make you miss a chance, I read a tech blog that had a real story on this. They said a well meaning tester got a cease and desist letter after checking a site without clear go ahead. The blog explained how even with good finds, no written permission can turn into a legal mess. So from what I've seen, getting that official okay is just the smart move.