New Training: Explaining Key Legal Concepts
In this 5-video skill, CBT Nuggets trainer Shawn Powers discusses the legal concepts that pertain directly to penetration testing at a professional level. Watch this new CompTIA training.
Learn CompTIA with one of these courses:
This training includes:
16 minutes of training
You’ll learn these topics in this skill:
Legal Concepts Introduction
Identifying Legal Contracts
Considering Environmental and Location Factors
Obtaining Written Authorization
Obeying Corporate Policies
Why You Always Need Authorization in a Penetration Testing Contract
A contract to perform penetration testing is not your typical computer services contract, as there can be serious legal ramifications if things go awry. In the United States, it's a crime to access or attempt to access a computer or computer network without authorization or in excess of this authorization.
As what constitutes authorization can be difficult to define, a penetration testing contract should not only grant you authorization to perform the testing but should also state that your customer has the legal authority to authorize the test. This is what is known as a "get out of jail free" card.
But there are also other important elements of a penetration testing contract. It should indicate what you will and won't do and specify the exact scope of the test, such as on what IP addresses you will test. If you are testing software that exists on the cloud, you should further get permission from the cloud provider.