Penetration Testing mailing list archives
RE: Pen Testing Company and Legal Documentation
From: "Levenglick, Jeff" <JLevenglick () fhlbatl com>
Date: Wed, 28 Feb 2007 15:32:27 -0500
I would agree. Pen testing involves a lot of "cover your a$$". Not only do you need signed docs to cover what you will be testing and when, but you need docs to explain what you are and are not guaranteeing. In other words, if you pen test them today and give them a thumbs up, you need to make sure that they do not hold you liable if they get hacked in the future. Ex: a doc that explains that OSes need to be patched current and that this is their responsibility, or explains that a bug found after your pen test is not your fault, etc.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Fontanez Martin
Sent: Wednesday, February 28, 2007 11:26 AM
To: Ricardo Mourato; pen-test () securityfocus com
Subject: RE: Pen Testing Company and Legal Documentation

Hmm, if you are asking questions like these, you probably need to hire a consultant or take appropriate course work in the area...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ricardo Mourato
Sent: Monday, February 26, 2007 3:34 PM
To: pen-test () securityfocus com
Subject: Pen Testing Company and Legal Documentation

Hi folks,

I'm thinking of creating a new department/service in my company, in this case focusing on penetration testing. Nowadays we offer some services such as network consulting, VoIP, server administration (Linux, BSD and Windows) and other services that companies like my own do. Some of our customers frequently ask us about who can check if their networks are secure, check their security policies and other things, including penetration testing.

My problem is, what documentation do I need to do this? Do I need some lawyer to write any kind of agreement? Or otherwise can I get into trouble? In simpler words, I think that I need papers (agreements, contracts, or whatever...) to do some penetration testing LEGALLY without ending up in jail :P Am I correct?

Thanks in advance.
Current thread:
- RE: Pen Testing Company and Legal Documentation Levenglick, Jeff (Mar 01)