Penetration Testing mailing list archives
Re: Papers prior to pen-test
From: Eoin <eoin.keary () owasp org>
Date: Wed, 20 Sep 2006 14:53:14 +0100
Did you see the legal project at OWASP?

On 19/09/06, Bud Gordon <bud.gordon () hughes net> wrote:
I am no lawyer, but how about this?

Memorandum for File
Subject: Information Technology Security Testing Authorization
Date: MMDDYY

To properly secure its information technology assets, the <Company> is required to assess its security stance periodically by conducting information security testing. These activities involve testing <Company> computer systems to discover vulnerabilities present on these systems. Only with knowledge of these vulnerabilities can the <Company> apply security fixes or other compensating controls to improve the security of the <Company> information infrastructure.

It is understood that information security testing involves manipulating system processes and services, and that this process may cause a host to become unstable. Even though the likelihood of a system failure is small, critical or sensitive data should be backed up prior to testing.

The purpose of this memo is to grant authorization for <pen tester> to conduct security testing of the <Company>'s assets. To that end, the undersigned attests to the following:

1) The personnel named below have permission to scan / test the <Company>'s computer equipment to find vulnerabilities. This permission is granted from [date] until [date].
2) <CIO> has the authority to grant this permission for testing the organization's Information Technology assets.

Bud

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Maxime Ducharme
Sent: Tuesday, September 19, 2006 11:47 AM
To: pen-test () securityfocus com
Subject: Papers prior to pen-test

Hello guys

I'm looking for examples of a kind of "contract" prior to a pen-test, I mean writing down responsibilities for each party before doing a pen-test in case anything goes wrong.

Any ideas ?

TIA

Maxime Ducharme

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
--
Eoin Keary
OWASP - Ireland
http://www.owasp.org/local/ireland.html