Re: How to report a Vulnerability to a Company
- From: "James Matthews" <nytrokiss@xxxxxxxxx>
- Date: Tue, 8 Jan 2008 21:07:15 +0100
There should be a form on the website to contact them! Use that!
On Jan 7, 2008 1:25 PM, Vikas Singhal <vikas.programmer@xxxxxxxxx> wrote:
Hi all,
Lets say I found a vulnerability in some company's website ( e.g SQL
Injection ) and that vulnerability is crucial to the company. How do I
ethically report it to the Company and have credit for that.
Can I go and say "Hey! I found a vuln in your website with gives me
the password back for any user" Or doing this kinda stuff is not
ethical at all unless you make a SLA with the company before doing any
your own pentest.
Can somebody give me any pointer in this direction.
Regards
Vikas Singhal
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
http://search.goldwatches.com/?Search=Movado+Watches
http://www.jewelerslounge.com
http://www.goldwatches.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- How to report a Vulnerability to a Company
- From: Vikas Singhal
- How to report a Vulnerability to a Company
- Prev by Date: RE: How to report a Vulnerability to a Company
- Next by Date: RE: How to report a Vulnerability to a Company
- Previous by thread: RE: How to report a Vulnerability to a Company
- Next by thread: RE: How to report a Vulnerability to a Company
- Index(es):
Relevant Pages
|
