alt Hacker NewsBut I’m responding to the notion that they should’ve had signed documentation with the scope with them. They did. The fact that their own company hung them out to dry by not informing everyone on that list is not the pentesters’ fault.
But I’m responding to the notion that they should’ve had signed documentation with the scope with them. They did. The fact that their own company hung them out to dry by not informing everyone on that list is not the pentesters’ fault.
I wasn't trying to suggest they did or didn't have the right documentation. I honestly don't know. I was just explaining how we normally operated. The idea that the emergency contact wouldn't answer, or even worse deny we had authority seems impossible to me... At least if you're doing things the way we did.