RE: Pen Test Contracts

From: David M. Zendzian (dmz@dmzs.com)
Date: Wed Jul 12 2006 - 18:54:58 EDT


I know you will receive a lot of responses but a question about you and your business...

Do you have a company lawyer? You will need to modify whatever examples you receive to match your business and customers.

Do you have liability insurance? If I need to explain why then you shouldn't be doing this work :)

Good luck!
dmz

-----Original Message-----
From: rkraus@telcomtex.net
To: pen-test@securityfocus.com
Sent: 7/12/06 9:33 AM
Subject: Pen Test Contracts

Hello All,

I am curious if anyone happens to have a few documents that may assist me. I am not looking to re-create the wheel and would appreciate any help. I am looking for a few templates that I can use for (of course I would modify them to reflect my organizations):

1. Internal Approval for penetration testing. This is the type you would use to gain written approval from your internal management to perform penetration testing on your own network.

2. Customer Approval Contract for External Penetration Testing - This form is used for getting written approval from your customers to perform penetration testing on their networks. This usually will include the scope and any guidelines for the engagement of the pen-testing activities.

3. Proposal. If anyone has an example of a proposal for costing information for different services.

I have found a few on the internet but most are very brief and do not cover what I would think a normal agreement would cover. If you wish to email me directly I would not mind at all.

Thanks for any assistance the mail-list can provide!!

Thanks,
Rob Kraus

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:15 EDT