Question on Legality

Magick17 · November 26, 2016, 3:09pm

Hi there,

I am very excited to take part in bug crowd. All my life I’ve wanted to be a penetration tester, but I feel no one will hire me due to the fact I have an associates degree. Regardless, I had a quick question for you guys (and gals, maybe? no? ok).

It’s embarrassing, but do you guys do you web application testing from home? I’m just paranoid that my ISP is going to call me and be like “I noticed you doing a lot of scans”. Or I’m afraid that the company will call my ISP and say “our Snort box detected that IP XX.XX.XX.XX is performing SQL injections on our web app”.

Long story short, are there any legal complications to web app testing?
Should I use a VPS or VPN?

aaronott · November 28, 2016, 12:40am

Hey Magic17, Welcome!

Sure I do my testing from home. As long as you are following the rules of engagement for companies that are signed up with bugcrowd, you should be fine. Make sure you check the Exclusions for each of the projects.

For other sites, you should never do penetration testing without a signed agreement. The agreement should contain the scope of what is to be tested and what is off limits.

As for your associates degree, there are many in the security field that don’t even have that degree but through practice, they’ve found good jobs. Keep practicing and learning my friend!

Magick17 · November 28, 2016, 2:38am

Thanks for your response and thanks for the encouragement.

Topic		Replies	Views
Total noob (non-techie)! Starting a career in bug hunting! Starter Zone	7	7507	January 3, 2020
Answer to the legality of bounty hunting? Bugcrowd Discussion	1	2681	January 28, 2017
How to start in BugCrowd Starter Zone	3	3007	July 28, 2022
Late Start - Where to begin? Bugcrowd Discussion	2	3218	November 13, 2018
LevelUp 0x02 - JHaddix, Bug Bounty Hunter Methodology v3 LevelUp Conference	7	7376	January 19, 2019

Question on Legality

Related topics