Pentesting in the UK

Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
in Other Security Certifications
Hi Guys,

I have been asked by my boss if I could perform a PenTest against one of our a clients. Now i have been delving into pentest for a while and im ok with using some of the tools. So my questions are

1, Do I need to be qualified to do a Pentest ?
2, Should I notify the Police of what i will be doing ?
3, Should I notify my ISP ? (the test will be performed out of hours from my home)

I have had a look on google and most of the stuff i find relates to the Computer Misuse Act of 1998. I just want to cover my own back if things go wrong.

Thanks for readig and taking the time to answer

Kind Regards
Chard
· Share on FacebookShare on Twitter

Comments

  • nicklauscombsnicklauscombs Member Posts: 885
    does your company have expressed written consent to perform tests on the client's environment? if not you better think twice before doing anything especially from your home.

    the questions you are asking should be fielded by the legal counsel of your company.
    WIP: IPS exam
    · Share on FacebookShare on Twitter
  • Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
    Yeah we have full consent from the client and they are aware of the tests i will be performing. I was just unsure of all the legal requirements before we went ahead with this test.

    Thanks for the reply
    · Share on FacebookShare on Twitter
  • afcyungafcyung Member Posts: 212
    Chard26 wrote: »
    I was just unsure of all the legal requirements before we went ahead with this test.

    I think you should consult your legal counsel for this question. They are the subject matter experts and should be answering this type of question
    · Share on FacebookShare on Twitter
Sign In or Register to comment.