RE: Pen Testing Company and Legal Documentation

From: Fontanez Martin (Fontanez.Martin@pbgc.gov)
Date: Wed Feb 28 2007 - 11:26:03 EST

• Next message: Sam Rakowski: "Re: Penetration Testing Framework 0.24 released"
• Previous message: Darren Webb: "RE: BEA Weblogic pentest"
• In reply to: Ricardo Mourato: "Pen Testing Company and Legal Documentation"
• Next in thread: Levenglick, Jeff: "RE: Pen Testing Company and Legal Documentation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hmm, if you are asking questions like these, you probably need to hire a
consultant or take appropriate course work in the area...

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Ricardo Mourato
Sent: Monday, February 26, 2007 3:34 PM
To: pen-test@securityfocus.com
Subject: Pen Testing Company and Legal Documentation

hi folks, i'm thinking in creating a new department/service in my
company. In this case focusing in penetration testing, nowadays we offer
some services such as network consulting, VoIP, Server administration
(Linux, BSD and windows) and other services that companys like my own
do..
some of our customers frequently ask us about who can check if their
networks are secure, check their security policies and other thinks,
including penetration testing.
my problem is, what documentation do i need to do this? i need some
lawier to write any kind of agreement? or otherwise i can get into
troubles?
in more simple words, i think that i need papers (agreemnets, contracts,
or whatever...) to do some penetration testing LEGALLY without getting
on jail :P i'm correct?
tnks in advice.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Sam Rakowski: "Re: Penetration Testing Framework 0.24 released"
• Previous message: Darren Webb: "RE: BEA Weblogic pentest"
• In reply to: Ricardo Mourato: "Pen Testing Company and Legal Documentation"
• Next in thread: Levenglick, Jeff: "RE: Pen Testing Company and Legal Documentation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:37 EDT