I've been following this thread and have noticed that no one here is
considering the liability of a "real" pen test. Unless you are testing
QA or Dev environments, anything you find could not only prove that a
compromise is real but also bring that business offline, and since you
don't know when...
considering the liability of a "real" pen test. Unless you are testing
QA or Dev environments, anything you find could not only prove that a
compromise is real but also bring that business offline, and since you
don't know when...
[ more ]