So one of the apps I develop and maintain is going to get penetration tested.

I recieved an email if I could whitelist all their ips so they could get acces to the system. Without any further details.

Like wtf? Arent you supposed to be testing if you can get acces xD

Next thing they will be asking passwords and keys xD and if I could build in a backdoor.

  • 2
    @sabbonaut I have not signed any contracts yet. So trying to break in now would be illegal
  • 1
    Depends if it's white or black box pen testing.
  • 0
    @LastDigitOfPi its a black box test as far as I've been told.
  • 1
    @MisterArie then you aren't supposed to.
  • 1
    Well it's actually logical. Of course that has to be tested but if that security prevents testing of underlying (and potentially vulnerable) systems/software, you can say it's secure to that point but except for that you can't test shit and then the entire purpose of the scan is gone haha
Your Job Suck?
Get a Better Job
Add Comment