Chapter 2. Legal and Ethical Considerations

“Then a lawyer said, ‘But what of our Laws, master?’

And he answered:

You delight in laying down laws, Yet you delight more in breaking them.”

—Khalil Gibran, The Prophet

“Character is what you do when no one is watching.”


A company hires a penetration testing firm to perform simulated attacks that would otherwise be illegal. This chapter addresses the ethics, liability, and legal risks of penetration testing.

Ethics of Penetration Testing

Imagine that you were asked by your neighbors to steal the bicycle of their child. The child does not know that you are going to attempt to steal it, but the parents want to judge how difficult it would be if someone were to try to steal it. You know that ...
