RE: Pen Testing Company and Legal Documentation

From: Levenglick, Jeff (JLevenglick@fhlbatl.com)
Date: Wed Feb 28 2007 - 15:32:27 EST


I would agree.

Pen testing involves a lot of "cover your a$$".

Not only do you need signed docs to cover what you will be testing and
when, but you need docs to explain what you are and are not
guaranteeing.

In other words - If you pen test them today and give them a thumbs up,
you need to make sure that they do not hold you liable if they get hacked
in the future. Ex: a doc that explains that OSes need to be patched to
current and that this is their responsibility, or that explains that a bug
found after your pen test is not your fault... etc.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Fontanez Martin
Sent: Wednesday, February 28, 2007 11:26 AM
To: Ricardo Mourato; pen-test@securityfocus.com
Subject: RE: Pen Testing Company and Legal Documentation

Hmm, if you are asking questions like these, you probably need to hire a
consultant or take appropriate course work in the area...

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Ricardo Mourato
Sent: Monday, February 26, 2007 3:34 PM
To: pen-test@securityfocus.com
Subject: Pen Testing Company and Legal Documentation

Hi folks, I'm thinking of creating a new department/service in my
company, in this case focusing on penetration testing. Nowadays we offer
some services such as network consulting, VoIP, server administration
(Linux, BSD and Windows) and other services that companies like my own
do.
Some of our customers frequently ask us about who can check if their
networks are secure, check their security policies and other things,
including penetration testing.
My problem is, what documentation do I need to do this? Do I need some
lawyer to write any kind of agreement? Or otherwise can I get into
trouble?
In more simple words, I think that I need papers (agreements, contracts,
or whatever...) to do some penetration testing LEGALLY without getting
thrown in jail :P Am I correct?
Thanks in advance.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:37 EDT