• Kusimulkku@lemm.ee
    link
    fedilink
    arrow-up
    10
    ·
    5 days ago

    They need access into your network.

    “Sir we found an issue in your security practises. You let some rando into your network. That’s a terrible idea. My invoice is in the mail.”

    • stetech@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      24 hours ago

      You jest, but I’ve read somewhere it’s actually reasonable to provide some amount of info or access to pen testers… since they’re just gonna find out anyway, but if you pay them for a week, you might as well not waste the first 3 days to have them figure the basic setup which doesn’t have an effect on the security analysis/outcome.

    • cactusupyourbutt@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      5 days ago

      I was asked to review a project of another company, and needed access to their documentation for that. they gave me access to their whole wiki instead of just a part of it. definitely included that in the report