Penetration Testing mailing list archives
RE: Papers prior to pen-test
From: jgervacio () seguridad unam mx
Date: Tue, 19 Sep 2006 16:59:59 -0500
PENETRATION TESTING CONTRACT
http://www.pwcrack.com/penetration_contract.shtml

Penetration Testing Contract
http://infosecond.com/store/library/Security/Penetration%20Testing%20Contract.pdf
http://72.14.209.104/search?q=cache:-zzf2czXgKEJ:infosecond.com/store/library/Security/Penetration%2520Testing%2520Contract.pdf+Penetration%2520Testing%2520Contract.pdf&hl=es&gl=ar&ct=clnk&cd=1

http://infosecond.com/store/library/Security/Penetration%20Test%20Parameters%20Questionnaire.pdf
http://72.14.209.104/search?q=cache:r11mSks3qkUJ:infosecond.com/store/library/Security/Penetration%2520Test%2520Parameters%2520Questionnaire.pdf+Penetration%2520Test%2520Parameters%2520Questionnaire.pdf&hl=es&gl=ar&ct=clnk&cd=1

Contract drafting for an engagement
http://www.networksecurityarchive.org/html/Pen-Test/2006-05/msg00253.html

--g3--

Quoting Bud Gordon <bud.gordon () hughes net>:
I am no lawyer, but how about this?

Memorandum for File

Subject: Information Technology Security Testing Authorization
Date: MMDDYY

To properly secure its information technology assets, the <Company> is required to assess its security stance periodically by conducting information security testing. These activities involve testing <Company> computer systems to discover vulnerabilities present on these systems. Only with knowledge of these vulnerabilities can the <Company> apply security fixes or other compensating controls to improve the security of the <Company> information infrastructure.

It is understood that information security testing involves manipulating system processes and services, and that this process may cause a host to become unstable. Even though the likelihood of a system failure is small, critical or sensitive data should be backed up prior to testing.

The purpose of this memo is to grant authorization to <pen tester> to conduct security testing of the <Company>'s assets. To that end, the undersigned attests to the following:

1) The personnel named below have permission to scan / test the <Company>'s computer equipment to find vulnerabilities. This permission is granted from [date] until [date].

2) <CIO> has the authority to grant this permission for testing the organization's Information Technology assets.

Bud

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Maxime Ducharme
Sent: Tuesday, September 19, 2006 11:47 AM
To: pen-test () securityfocus com
Subject: Papers prior to pen-test

Hello guys

I'm looking for examples of a kind of "contract" prior to a pen-test, I mean writing down responsibilities for each party before doing a pen-test in case anything goes wrong.

Any ideas?

TIA

Maxime Ducharme

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------