Resources: Engagement Documents

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Apr 03, 2013 1:14 pm

Resources: Engagement Documents

Often do we hear while taking various Ethical Hacking Training that it is extremely important to define a clear scope, rules of engagement, and pentesting contract prior to starting the engagement. How else would we get our Get out of Jail Free card, right? Could someone possibly point me to some open resources of public documents one could use to form their own Pentesting Contract, Rules of Engagement, or anything else that an individual would need to get started officially with a potential client?
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Apr 03, 2013 1:50 pm

Re: Resources: Engagement Documents

SANS has some useful documents here: http://pen-testing.sans.org/resources/downloads

Is this what you have been looking for?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Apr 03, 2013 3:39 pm

Re: Resources: Engagement Documents

These are perfect. If there are other ones like this out there that anyone knows about, please link me. Thanks h1t m0nk3y.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Apr 03, 2013 4:06 pm

Re: Resources: Engagement Documents

Also http://www.counterhack.net/permission_memo.html

However, if you're serious, I'd recommend having legal counsel, who is familiar with this type of service, put something together for you. You should also get the proper insurance. Doing this wrong can ruin your career.

If anyone's interested, send me a PM, and I'll put you in touch with the guy I used. I think it was around $1000-1500 for the SoW template and contract. It's not cheap, but these are critical items to get right, and the cost of things going wrong will be substantially higher.
The day you stop learning is the day you start becoming obsolete.

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Apr 03, 2013 4:14 pm

Re: Resources: Engagement Documents

Although it's written with the purpose of a client engaging a tester, Penetration Testing: The Third Party Hacker may be helpful in covering the points a client may require. As already mentioned by ajohnson, it highlights the need for liability insurance, which I don't see mentioned too often in training.
Last edited by m0wgli on Wed Apr 03, 2013 4:25 pm, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Apr 09, 2013 6:33 am

Re: Resources: Engagement Documents

Check with an insurance person. As mentioned, you need liability and errors/omissions coverage. They're usually aware of "technology" packages. I'm sure price varies by location. Here it was about $1500/year I believe.

As for resources, I'm not really aware of any. I can't share company documents but I can try and answer any specific questions you might have (as can others here I'm sure).
