Metasploit mailing list archives
Re: Sample Contracts for Pen Testing
From: Daniel Clemens <daniel.clemens () packetninjas net>
Date: Thu, 30 Aug 2012 22:52:50 -0400
The key is "indemnification" for anything that breaks and a clause protecting you from being prosecuted for computer misuse. Explain this to your lawyer and then have them write thing up for you. If you don't have a lawyer or LLC or legal entity you also open yourself up to the possibility of personal liability even if you have a "get out of jail free card". Lastly, you should also consider having errors and emissions insurance and professional liability insurance. Don't get bogged down in the exact details of what your doing, get your lawyer to help you write up things for your legal paperwork, then create your statement of work for the client. Daniel Clemens Packetninjas L.L.C c. 205.567.6850 o. 866.267.8851 x202 On Aug 30, 2012, at 10:01 PM, Stephen Haywood <stephen () averagesecurityguy info> wrote:
It's not a contract, but Pentest-Standard.org has a lot of good information to think about concerning contracts and pre-engagment planning. http://www.pentest-standard.org/index.php/Pre-engagement On Mon, Aug 27, 2012 at 1:06 PM, Chip <jeffschips () gmail com> wrote: Hello All, Would anyone have a sample pentest contract or direct me to where I can find such a contract? I am most interested in something that would allow our affiliates' company to conduct test phishing and smishing emails/sms. Or any insights into this particular scenario would be appreciated, particularly as it relates to sending smishing and phishing emails to employees who bring their own wireless devices into a company environment and use the company's network, as well as those employees who use their company-owned wirelessly connected devices at the workplace. Thanks! _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework -- Stephen Haywood Information Security Consultant CISSP, GPEN, OSCP T: @averagesecguy W: averagesecurityguy.info _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Sample Contracts for Pen Testing Chip (Aug 27)
- Re: Sample Contracts for Pen Testing Giles Coochey (Aug 28)
- Re: Sample Contracts for Pen Testing Stephen Haywood (Aug 30)
- Re: Sample Contracts for Pen Testing Daniel Clemens (Aug 30)
- Re: Sample Contracts for Pen Testing Christian Heinrich (Aug 31)