Penetration Testing mailing list archives

RE: Pen Test Contracts


From: "David M. Zendzian" <dmz () dmzs com>
Date: Wed, 12 Jul 2006 15:54:58 -0700

I know you will receive a lot of responses but a question about you and your business...

Do you have a company lawyer? You will need to modify whatever examples you receive to match your business and 
customers.

Do you have liability insurance? If I need to explain why then you shouldn't be doing this work :)

Good luck!
dmz

-----Original Message-----
From: rkraus () telcomtex net
To: pen-test () securityfocus com
Sent: 7/12/06 9:33 AM
Subject: Pen Test Contracts

Hello All,

I am curious if anyone happens to have a few documents that may assist me. I am not looking to re-create the wheel and would appreciate any help.

I am looking for a few templates that I can use for (of course I would modify them to reflect my organizations):

1. Internal Approval for penetration testing. This is the type you would use to gain written approval from your internal management to perform penetration testing on your own network.
2. Customer Approval Contract for External Penetration Testing - This form is used for getting written approval from your customers to perform penetration testing on their networks. This usually will include the scope and any guidelines for the engagement of the pen-testing activities.
3. Proposal. If anyone has an example of a proposal for costing information for different services.

I have found a few on the internet but most are very brief and do not cover what I would think a normal agreement would cover.

If you wish to email me directly I would not mind at all. Thanks for any assistance the mail-list can provide!!

Thanks,
Rob Kraus

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------



