2

If I were to do a web app test on a company's site and I didn't spot something, and the company was breached via the app I tested, what comeback could I possibly have?

How could I protect myself legally?

OliverBS
    If you were contracted to test it, it depends on the terms of your contract. Whether or not you were contracted, it depends on local law. Read your contract and talk to a lawyer in your jurisdiction; legal advice is off-topic here. – cpast Feb 18 '15 at 20:21

1 Answer

3

Pentest reports should never give assurance. You can't state that a web application is secure; you can only state you didn't find anything or that you did find things. It's important you do not make yourself liable and that your contracts are waterproof, so as to ensure you do not imply that you guarantee the security of the application.

Lucas Kauffman