If I were to do a web app test on a company's site and I didn't spot something, and the company was then breached via the app I tested, what comeback could I possibly face?
How could I protect myself legally?
Pentest reports should never give assurance. You can't state that a web application is secure; you can only state that you didn't find anything or that you did find things. It's important that you do not make yourself liable and that your contracts are watertight, so as to ensure you do not imply that you guarantee the security of the application.