|
|
|
|
|
|
by tptacek
2469 days ago
|
|
|
Like: a scenario that comes up all the time in ordinary web application testing: your authorized target interacts with a third-party API, for which you are not authorized to test. Pentesters generally get this right, because if you get it wrong, no matter what your client tells you, you're liable. (Indemnification may come into play here, but it won't matter criminally). |
|
|