Penetration Testing mailing list archives
Re: [PEN-TEST] Legal aspect of Pen-Test
From: Steve Goldsby <sgoldsby () integrate-u com>
Date: Thu, 5 Oct 2000 15:02:20 -0500
Talk to your attorney on this. However:

- The Pen-Tester gets traced and the police knock at his door
  - We use an "Authorization to Scan" document in case the cops come knocking

- The Pen-Tester is believed to have caused damage to the customer equipment or data during the penetration.
  - We use a "hold harmless" agreement. Basically, we say "feces occur, and by signing you understand that though we will not intentionally cause damage or system downtime, systems may crash or behave erratically during the penTest. You agree to hold us harmless...blah blah blah"

- the customer has followed the security firm's advice and implemented the required security measures but is hacked a few days after.
  - again, the hold harmless. "You understand that this is an ongoing process, and that feces occur, and that we're only providing you an idea of your vulnerabilities. There is no guarantee that new vulnerabilities will not be found and exploited."

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Pascal Longpre
Sent: Thursday, October 05, 2000 2:35 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Legal aspect of Pen-Test

Hi,

Does anyone have a template or an example of what a legal Pen-Test contract looks like, so the security firm is covered in the case where:

- The Pen-Tester gets traced and the police knock at his door
- The Pen-Tester is believed to have caused damage to the customer equipment or data during the penetration.
- the customer has followed the security firm's advice and implemented the required security measures but is hacked a few days after.
- Any other problem that can arise from the security firm's activities

I'm looking for the legal stuff or ideas of what it might include.

Regards
Pascal