How to test your own sites for vulnerabilities and not break the law? What licenses are needed for pentesting?

S

Sergey2015-06-25 08:54:48

Burglary protection

Sergey, 2015-06-25 08:54:48

Here I have my web projects. I would like them to be safe. If I scan them with scanners, or use tools like the metasploit framework, will I be using malware and breaking the law? At the same time, if my sites are not sufficiently protected, then I also fall under the responsibility, right? And what if you can’t have vulnerabilities and you can’t check for vulnerabilities either?
I understand that when testing my own projects on a localhost, no one will write an application for me. But why increase the risks, so I want to clarify this issue. I am also interested in the activities of organizations that are engaged in pentesting, they must pass and receive certain licenses, right? Where can I read what licenses to get and where, what exactly do they need for this, how much does it cost?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

morgan, 2015-06-25
@butteff

You can check your sites with anything, except for the approval of the authorities, nothing is required.
To conduct an information security audit, including a pentest, licenses are currently not required, since the previously unified FSTEC license for technical protection activities was divided into several disparate ones and the requirement for a license during an audit was excluded from their number. This applies to organizations providing services to clients.
To carry out measures for the technical protection of information of your own enterprise, no licenses are required.
You can learn more about the issue of licensing - here