Penetration Testing mailing list archives

Re: [PEN-TEST] Contract/disclaimer for penetration testers

From: Jeff Deitz <JeffD () VSP COM>
Date: Mon, 15 Jan 2001 15:17:41 -0800

Sorry, there is no contract or disclaimer information on this website, only
a form to sign up for their service.

In fact, there is no contact or company information on this website, is this
a hacker website?
I would never trust any company that does not have full company information
and privacy statements on its website. They state that you fill out the
form, they send you something to sign and you fax it back to them. Are they
the CIA in disguise that they will not give you any information other then a
email address and fax number?

I think this site would be a perfect example of what NOT to look for in a
company doing penetration testing.


Jeff Deitz
Senior Systems Architect


-----Original Message-----
From: John Martin [mailto:john.martin () MARCONI COM]
Sent: Saturday, January 13, 2001 10:27 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Contract/disclaimer for penetration testers


Hi

Try www.maxvision.net/

This question also raises issues about the forthcoming RIP law in UK, which
comes into force in June 2001.  Does this law affect existing
authorisation/liability contracts, when conducting Penetration testing,
particularly externally via an ISP?  If so, how can we protect ourselves?
What needs to be changed in existing contracts?





-----Original Message-----
From: Allan Pratt [mailto:allan_pratt () HOTMAIL COM]
Sent: 12 January 2001 18:41
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Contract/disclaimer for penetration testers


Hi,

I recollect seeing a few months ago on this list a URL that was posted for a
contract that a penetration testing company had their clients sign.

The contract stated what the penetration testers would do and what other
issues that come up in the process of performing a penetration test.   This
included a liability waiver.

I can't find that posting. Does anyone recollect this URL or a similar
document I can download?

Thanks,

Allan



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Current thread:

Re: [PEN-TEST] Contract/disclaimer for penetration testers John Martin (Jan 15)
- Re: [PEN-TEST] Contract/disclaimer for penetration testers Steve Goldsby (Jan 15)
- <Possible follow-ups>
- Re: [PEN-TEST] Contract/disclaimer for penetration testers Jeff Deitz (Jan 15)
  - Re: [PEN-TEST] Contract/disclaimer for penetration testers Max Vision (Jan 15)
- Re: [PEN-TEST] Contract/disclaimer for penetration testers Jeff Deitz (Jan 16)