Penetration Testing mailing list archives
Re: Pen Test--France and Belgium
From: Koen Bossaert <koen.bossaert () gmail com>
Date: Thu, 10 Dec 2009 12:33:16 +0100
Hello Michael,

As for Belgium, there are no such special concerns. Just the regular stuff, as mentioned in your post, and complying with the local implementation of EU Data Protection Act.

Regards,
Koen

On Mon, Dec 7, 2009 at 10:31 PM, Michael Daveler <mdaveler () yahoo com> wrote:
> Hi List:
>
> We are a USA security company and have been asked by our client to perform a two-phase project of the client's third-party vendors/suppliers located in France and Belgium. Phase one will be a vuln scan, and Phase two will be a penetration test. Both phases will have scans/pen tests originating across the Internet.
>
> We will be securing the appropriate contracts/agreements/etc. with client, client's third-party vendors, consent forms from third-party vendor's ISP's (to allow scans through their networks to third-party vendor, etc.). And most importantly, will have all contract/agreement work done by legal counsel well-versed in this type of work, and knowledgeable of laws in France and Belgium.
>
> In the interim, for the initial fact-finding, looking to see if anyone has put together any checklists, guidance documents or has feedback on things you should/should NOT do while doing scans/pen tests against entities in France and Belgium, what specific laws can be referenced/reviewed, etc.
>
> As an example, I have heard that if doing pen tests of entities in France, you need to follow their crypto laws; had to have lawyers approve the crypto algorithms used for setting up encrypted connections going to and from the country; and some other algorithms required registration with the government to use, etc.
>
> So any and all details are much appreciated. If appropriate, once I have collected all feedback, I can prepare a summary and post back to the list.
>
> Thanks in advance,
> --Mike
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
Current thread:
- Pen Test--France and Belgium Michael Daveler (Dec 08)
- Re: Pen Test--France and Belgium Stefan (Dec 08)
- Re: Pen Test--France and Belgium Koen Bossaert (Dec 15)