RE: Sample pent test agreement

From: Irene Abezgauz (irene.abezgauz_at_gmail.com)
Date: 06/26/05

  • Next message: Jennifer Fountain: "RE: Sample pent test agreement"
    To: "'Erin Carroll'" <amoeba@amoebazone.com>
    Date: Sun, 26 Jun 2005 23:27:43 +0200
    
    

    Hey,

    Liability, liability, and once again, liability.
    You are not liable if they get hacked afterwards. You can't guarantee
    anything (zero day, blackbox, etc.)
    You are not liable for any damages. (but you could still theoretically
    get sued so I'd get good insurance coverage for that)
    Then, you need their well-written and detailed consent to have you do
    things to their systems so nobody accuses you of breaking in.
    Another important issue is the scope of the test, so you don't agree on
    a fixed price which covers about 2 applications (or servers), and then
    get introduced to their mega server/application farm... or simply so
    there are no misunderstandings.

    These are the most important things, hope I didn't miss anything.

    Irene

    Irene Abezgauz
    Application Security Consultant
    Hacktics Ltd.
    Mobile: +972-54-6545405
    Web: www.hacktics.com

    -----Original Message-----
    From: Erin Carroll [mailto:amoeba@amoebazone.com]
    Sent: Sunday, June 26, 2005 6:37 PM
    To: 'evb'; pen-test@securityfocus.com
    Subject: RE: Sample pent test agreement

    Everyone,

    Actually I'd like to expand upon Eric's question to the list a bit. What are
    some of the common terms/agreements pen-testers should include in their
    contracts and why? Examples of how such terms (or lack of) in writing have
    become issues during pen-testing would be interesting to hear.

    Erin Carroll
    "Do Not Taunt Happy-Fun Ball"

    -----Original Message-----
    From: evb [mailto:swiver@cox.net]
    Sent: Sunday, June 26, 2005 9:13 AM
    To: pen-test@securityfocus.com
    Subject: RE: Sample pent test agreement

    Might anyone be kind enough to share with me a sample penetration testing
    agreement (written contract) to use with clients so that I need not reinvent
    the wheel? Thank you so much.

    Eric
    tossing_salads@hotmail.com

