Question on Legality


#1

Hi there,

I am very excited to take part in Bugcrowd. All my life I’ve wanted to be a penetration tester, but I feel no one will hire me due to the fact I have an associate’s degree. Regardless, I had a quick question for you guys (and gals, maybe? no? ok).

It’s embarrassing, but do you guys do your web application testing from home? I’m just paranoid that my ISP is going to call me and be like “I noticed you doing a lot of scans”. Or I’m afraid that the company will call my ISP and say “our Snort box detected that IP XX.XX.XX.XX is performing SQL injections on our web app”.

Long story short, are there any legal complications to web app testing?
Should I use a VPS or VPN?


#2

Hey Magic17, Welcome!

Sure, I do my testing from home. As long as you are following the rules of engagement for companies that are signed up with Bugcrowd, you should be fine. Make sure you check the Exclusions for each of the projects.

For other sites, you should never do penetration testing without a signed agreement. The agreement should contain the scope of what is to be tested and what is off limits.

As for your associate’s degree, there are many in the security field that don’t even have that degree, but through practice, they’ve found good jobs. Keep practicing and learning, my friend!


#3

Thanks for your response and thanks for the encouragement.