Re: [PEN-TEST] Legalities and Liabilities

[Coderian <coderian () CHECKSUM ORG>]

Hallo terug,

Well this is a legal aspect which nowadays can be put in court (if it will
come that far) in different ways. So not to bother anyone with "Cyber" Law I
redirect you to the book of Ryan Russell "Hack proofing you Network internet
tradecraft" in the first chapter he explains the politics. But it as i said
before it depends on the country you live in and it's law.

Greets,

Coderian

Research & Development
checksum.org



> Hallo,
>
>     I have some questions regarding the legal aspects of penetration
> testing (I'm  hoping this hasn't be answered on the list before,
> I haven't had time to keep up for the past couple of weeks).
>
> 1.) Before a pen/sec test takes place, what type of legal documentation
> should be obtained (disclaimers, limitation of liability, etc..)?
> 2.) What are major topics that should be discussed and included in a
> contract between the pen/sec company and their client?  Should a
> contract even be written up in the first place?
> 3.) When conducting a pen/sec test what legal issues should be kept in
> mind (e.g.. get out of jail free type of stuff).
> 5.) After a pen/sec test, if the client's network is cracked, can the
> pen/sec company be held responsible?
> 6.) If the pen/sec company offers services such as actual securing of
> systems, can they be held responsible if the systems they secured are
> cracked?
>
> I'd appreciate as much feed back as possible.  Once again I apologize if
> this has already been discussed.
>
> Thanks,
> Ben Lull
>
> ***
> * Ben Lull
> * ValleyLocal Internet, Inc.
> * Systems Administrator
> ***