Metasploit mailing list archives

Re: Sample Contracts for Pen Testing

From: Daniel Clemens <daniel.clemens () packetninjas net>
Date: Thu, 30 Aug 2012 22:52:50 -0400

The key is "indemnification" for anything that breaks and a clause protecting you from being prosecuted for computer 
misuse. Explain this to your lawyer and then have them write thing up for you. 

If you don't have a lawyer or LLC or legal entity you also open yourself up to the possibility of personal liability 
even if you have a "get out of jail free card". 

Lastly, you should also consider having errors and emissions insurance and professional liability insurance. 

Don't get bogged down in the exact details of what your doing, get your lawyer to help you write up things for your 
legal paperwork, then create your statement of work for the client. 

Daniel Clemens
Packetninjas L.L.C 
c. 205.567.6850
o. 866.267.8851 x202


On Aug 30, 2012, at 10:01 PM, Stephen Haywood <stephen () averagesecurityguy info> wrote:

It's not a contract, but Pentest-Standard.org has a lot of good information to think about concerning contracts and 
pre-engagment planning. http://www.pentest-standard.org/index.php/Pre-engagement

On Mon, Aug 27, 2012 at 1:06 PM, Chip <jeffschips () gmail com> wrote:
Hello All,

Would anyone have a sample pentest contract or direct me to where I can find such a contract?

I am most interested in something that would allow our affiliates' company to conduct test phishing and smishing 
emails/sms.

Or any insights into this particular scenario would be appreciated, particularly as it relates to sending smishing 
and phishing emails to employees who bring their own wireless devices into a company environment and use the 
company's network, as well as those employees who use their company-owned wirelessly connected devices at the 
workplace.

Thanks!

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




-- 
Stephen Haywood
Information Security Consultant
CISSP, GPEN, OSCP
T: @averagesecguy
W: averagesecurityguy.info

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Sample Contracts for Pen Testing Chip (Aug 27)
- Re: Sample Contracts for Pen Testing Giles Coochey (Aug 28)
- Re: Sample Contracts for Pen Testing Stephen Haywood (Aug 30)
  - Re: Sample Contracts for Pen Testing Daniel Clemens (Aug 30)
- Re: Sample Contracts for Pen Testing Christian Heinrich (Aug 31)