Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Papers prior to pen-test
From: jgervacio () seguridad unam mx
Date: Tue, 19 Sep 2006 16:59:59 -0500

PENETRATION TESTING CONTRACT
http://www.pwcrack.com/penetration_contract.shtml

Penetration Testing Contract
http://infosecond.com/store/library/Security/Penetration%20Testing%20Contract.pdf
http://72.14.209.104/search?q=cache:-zzf2czXgKEJ:infosecond.com/store/library/Security/Penetration%2520Testing%2520Contract.pdf+Penetration%2520Testing%2520Contract.pdf&hl=es&gl=ar&ct=clnk&cd=1
http://infosecond.com/store/library/Security/Penetration%20Test%20Parameters%20Questionnaire.pdf
http://72.14.209.104/search?q=cache:r11mSks3qkUJ:infosecond.com/store/library/Security/Penetration%2520Test%2520Parameters%2520Questionnaire.pdf+Penetration%2520Test%2520Parameters%2520Questionnaire.pdf&hl=es&gl=ar&ct=clnk&cd=1

Contract drafting for an engagement
http://www.networksecurityarchive.org/html/Pen-Test/2006-05/msg00253.html

--g3--
Quoting Bud Gordon <bud.gordon () hughes net>:

I am no lawyer, but how about this?

Memorandum for File

Subject: Information Technology Security Testing Authorization

Date: MMDDYY

To properly secure its information technology assets, the <Company> is
required to assess its security stance periodically by conducting
information security testing.  These activities involve testing
<Company> computer systems to discover vulnerabilities present on these
systems. Only with knowledge of these vulnerabilities can the <Company>
apply security fixes or other compensating controls to improve the
security of the <Company> information infrastructure.

It is understood that information security testing involves manipulating
system processes and services, and that this process may cause a host to
become unstable.  Even though the likelihood of a system failure is
small, critical or sensitive data should be backed up prior to testing.

The purpose of this memo is to grant authorization <pen tester> to
conduct security testing of the <Company>'s assets.  To that end, the
undersigned attests to the following:

1) The personnel named below have permission to scan / test the
<Company>'s computer equipment to find vulnerabilities.  This permission
is granted for from [date] until [date].

2) <CIO> has the authority to grant this permission for testing the
organization's Information Technology assets.

Bud


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Maxime Ducharme
Sent: Tuesday, September 19, 2006 11:47 AM
To: pen-test () securityfocus com
Subject: Papers prior to pen-test


Hello guys

I'm looking for examples of a kind of "contract" prior
to a pen-test, I mean writing down responsabilities
for each parties before doing a pen-test in case anything
goes wrong.

Any ideas ?

TIA

Maxime Ducharme



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault