Re: Papers prior to pen-test

From: Eoin (eoin.keary@owasp.org)
Date: Wed Sep 20 2006 - 09:53:14 EDT


Did you see the legal project at OWASP?

On 19/09/06, Bud Gordon <bud.gordon@hughes.net> wrote:
> I am no lawyer, but how about this?
>
> Memorandum for File
>
> Subject: Information Technology Security Testing Authorization
>
> Date: MMDDYY
>
> To properly secure its information technology assets, the <Company> is
> required to assess its security stance periodically by conducting
> information security testing. These activities involve testing
> <Company> computer systems to discover vulnerabilities present on these
> systems. Only with knowledge of these vulnerabilities can the <Company>
> apply security fixes or other compensating controls to improve the
> security of the <Company> information infrastructure.
>
> It is understood that information security testing involves manipulating
> system processes and services, and that this process may cause a host to
> become unstable. Even though the likelihood of a system failure is
> small, critical or sensitive data should be backed up prior to testing.
>
> The purpose of this memo is to grant authorization to <pen tester> to
> conduct security testing of the <Company>'s assets. To that end, the
> undersigned attests to the following:
>
> 1) The personnel named below have permission to scan / test the
> <Company>'s computer equipment to find vulnerabilities. This permission
> is granted from [date] until [date].
>
> 2) <CIO> has the authority to grant this permission for testing the
> organization's Information Technology assets.
>
> Bud
>
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Maxime Ducharme
> Sent: Tuesday, September 19, 2006 11:47 AM
> To: pen-test@securityfocus.com
> Subject: Papers prior to pen-test
>
>
> Hello guys
>
> I'm looking for examples of a kind of "contract" prior
> to a pen-test, I mean writing down responsibilities
> for each party before doing a pen-test in case anything
> goes wrong.
>
> Any ideas ?
>
> TIA
>
> Maxime Ducharme
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ------------------------------------------------------------------------

-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:59 EDT