So here's my question... I'm a Software Developer and Security Consultant. I specialize in web-based application security, SQL Injection, XSS, etc.
I have found numerous web development companies around my area that have created data-driven websites or web-based applications for their customers. About 75% of these websites/applications they are creating have severe vulnerabilities. Vulnerabilities that can allow a hacker to steal their data, take control of their server, corrupt/delete their data, etc.
Being in my shoes, how would/could you approach these companies, inform them of their issues and offer your services?
Note: I've broken no laws, crossed no unethical lines in determining these vulnerabilities. I just did some simple tests to determine if any vulnerabilities existed.
I did email one of the companies informing them of their vulnerabilities. I didn't offer my services, but I definitely mentioned that I was a security consultant.
