Network Security: Detailed info on Re: Papers prior to pen-test

Subject:	Re: Papers prior to pen-test
Date:	Wed, 20 Sep 2006 14:53:14 +0100

Did you the legal project at OWASP?

On 19/09/06, Bud Gordon <bud.gordon@hughes.net> wrote:

I am no lawyer, but how about this?

Memorandum for File

Subject: Information Technology Security Testing Authorization

Date: MMDDYY

To properly secure its information technology assets, the <Company> is
required to assess its security stance periodically by conducting
information security testing.  These activities involve testing
<Company> computer systems to discover vulnerabilities present on these
systems. Only with knowledge of these vulnerabilities can the <Company>
apply security fixes or other compensating controls to improve the
security of the <Company> information infrastructure.

It is understood that information security testing involves manipulating
system processes and services, and that this process may cause a host to
become unstable.  Even though the likelihood of a system failure is
small, critical or sensitive data should be backed up prior to testing.

The purpose of this memo is to grant authorization <pen tester> to
conduct security testing of the <Company>'s assets.  To that end, the
undersigned attests to the following:

1) The personnel named below have permission to scan / test the
<Company>'s computer equipment to find vulnerabilities.  This permission
is granted for from [date] until [date].

2) <CIO> has the authority to grant this permission for testing the
organization's Information Technology assets.

Bud


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Maxime Ducharme
Sent: Tuesday, September 19, 2006 11:47 AM
To: pen-test@securityfocus.com
Subject: Papers prior to pen-test


Hello guys

I'm looking for examples of a kind of "contract" prior
to a pen-test, I mean writing down responsabilities
for each parties before doing a pen-test in case anything
goes wrong.

Any ideas ?

TIA

Maxime Ducharme

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

--
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Papers prior to pen-test, Maxime Ducharme RE: Papers prior to pen-test, Bud Gordon RE: Papers prior to pen-test, jgervacio Re: Papers prior to pen-test, Eoin <= RE: Papers prior to pen-test, Steve Armstrong RE: Papers prior to pen-test, Maxime Ducharme

Previous by Date:	[Full-disclosure] [Oracle] Rainbow crack table Oracle patch., Fabien Kraemer
Next by Date:	Ethical Hacking online course, winlefu
Previous by Thread:	RE: Papers prior to pen-test, jgervacio
Next by Thread:	RE: Papers prior to pen-test, Steve Armstrong
Indexes:	[Date] [Thread] [Top] [All Lists]