But since I haven't worked by contract before I would like a nudge in the right direction when it comes to the contracting part.
Bottom line on the test:
A company that offers hosting and web design is in need of a pentest on their web platform, which includes sites designed and coded by them that are hosted on their server.
So basically I will do a "full" pentest, excluding password-attacks and DoS-attacks.
The only things I've got down in the contract so far are:
- The company permits me, for a period of time, to conduct the pentest.
- All information and results are confidential.
- As a result of the test, a presentation with the admin which includes fixes.
- The test will be conducted within the company's network.
I know that I'm missing A LOT but I would really need someone to nudge me in the right direction.