AUTHORIZATION, CONSENT AND INDEMNITY TO CONDUCT SECURITY ASSESSMENT (TURBOSEC VULNERABILTY ASSESSMENT) TESTS ON ORGANIZATION'S WEB SITE(S) / WEB APPLICATION(S).
You hereby authorize Skarpsinne InfoTech(which term includes any and all personnel and officers of the company, whether directly or indirectly employed, and partners or third-party providers that are duly authorized and responsible for the execution of this free demo) to conduct security assessment and testing activities of the Web application(s) described below.
LIST OF ASSETS UNDER PURVIEW OF TURBOSEC:
- Auditing your web application
- 3 day web application audit
- Executive report on completion
The following restrictions shall apply to this authorization:
This authorization shall be in effect from the time you agree by signing up for demo
Pursuant to granting this authorization, You declare that:
- You are the owner of the website to be tested and that the undersigned has the proper authority to allow Skarpsinne InfoTech to perform the necessary security assessment, testing and / or verification activities.
- You have created a full back up all systems to be tested and has verified that the backup procedure will enable you to restore systems to their pre-test state as Skarpsinne InfoTech do not assume any responsibility of restoration of systems to original state. This is only done under circumstances caused by the use of any non-destructive exploit or payload drop.
- Client Name recognizes and appreciates the fact that the services to be provided will be delivered by the use of network tools and techniques devised to detect security vulnerabilities, and that it is impossible to identify all the weaknesses or risks involved.
- Client Name is authorizing Skarpsinne InfoTech to carry out such activities to detect security vulnerabilities and, as permitted within the scope of the contract, to penetrate / exploit the vulnerabilities as a risk / threat identification exercise.
- Client Name understands and accepts that a vulnerability assessment, penetration test, or application security assessment is carried out by hacking into the systems /infrastructure / applications and that the techniques may be similar to those used by a malicious person.
- Client Name accepts that they have been appropriately and adequately informed about that tests to be carried out in respect of the approach, methodology, tools, exploits, ethical issues and risks. That these tests are designed to be non-destructive, however, in the event of any disruption (due to the testing) Skarpsinne InfoTech will not be held liable for any losses or claims. Our testers will exploit vulnerabilities that are discovered, only for the purpose of obtaining a screen shot as a proof-of-concept that will be submitted as a part of the report.
- Our standard test procedure includes rollback (in event of an intrusion incident) and cleanup (after completion of test activities). As indicated earlier in this document we are not responsible for returning the test environment to current state but will only rollback any change caused as a result of any exploit or payload that has been used by us during the course of the testing.
- Client Name is aware that the laws of different countries may apply to the activities to be carried out, and, as owners of the facilities, infrastructure, applications or websites in the various geographies, they are hereby, unconditionally, indemnifying Skarpsinne InfoTech from any action, claim, liability or accusation arising out of the execution of the contract under reference.
It is stated for the record that a non-disclosure agreement (NDA) has been executed by Skarpsinne InfoTech in favor of Client Name and that the terms of the NDA apply to any and all personnel authorized to work on this testing assignment. As a reverse NDA, executed by Client Name in favor of Skarpsinne InfoTech, it is agreed that the any reports submitted will not be shared with third parties (unless agreed to) and will be used for internal risk management purposes as reports will carry Skarpsinne InfoTech proprietary information relating to approach, methodology and knowledgebase.
Under the official seal and signature, the Client Name agrees and accepts the various terms indicated above and confirms the consent to the same and to the indemnification of Skarpsinne InfoTech as the vendor of the required services.
Both parties also agree to the inclusion of any other terms, conditions and guidelines, not stated above but as per established good and ethical industry and business practices may also apply in the spirit of this agreement along with mutual contractual obligations. The terms and conditions of this document will be read in addition to the obligations under the non-disclosure, purchase contract or other agreements / MoUs that may have been executed between the two parties.