Penetration Testing Agreement Template
This Penetration Testing Agreement (“Agreement”) is entered into on [Date], by and between:
Client:
Name: __________________________
Address: __________________________
Email: __________________________
Phone: __________________________
Service Provider:
Name: __________________________
Address: __________________________
Email: __________________________
Phone: __________________________
Collectively referred to as the “Parties.”
1. Purpose
The purpose of this Agreement is to authorize and govern penetration testing services to identify and mitigate potential vulnerabilities in the Client’s systems and infrastructure.
2. Scope of Work
The testing will cover the following:
-
Networks: [Specify IP ranges, servers, routers, etc.]
-
Applications: [Specify web apps, APIs, mobile apps, etc.]
-
Physical security (if applicable).
-
Social engineering attempts (if applicable).
Networks: [Specify IP ranges, servers, routers, etc.]
Applications: [Specify web apps, APIs, mobile apps, etc.]
Physical security (if applicable).
Social engineering attempts (if applicable).
Specific exclusions: [e.g., production databases, critical systems not to be tested].
A detailed scope of work is attached as Exhibit A.
3. Testing Schedule
Start date: [Date]
End date: [Date]
Testing will occur during the following hours to minimize operational disruptions: [Timeframe].
4. Methodology
The Service Provider shall conduct testing using recognized ethical hacking techniques and frameworks such as OWASP, NIST, or ISO standards.
No destructive or disruptive actions shall be taken without prior written consent.
5. Reporting
-
A preliminary report will be provided within [X days] of test completion.
-
A final comprehensive report, including vulnerabilities and remediation recommendations, will be delivered within [X days].
-
Reports shall be treated as confidential information.
A preliminary report will be provided within [X days] of test completion.
A final comprehensive report, including vulnerabilities and remediation recommendations, will be delivered within [X days].
Reports shall be treated as confidential information.
6. Confidentiality
Both Parties agree to maintain strict confidentiality regarding all information accessed or disclosed during the engagement, including vulnerabilities, system data, and results.
Confidential information shall not be shared with third parties without prior written consent.
7. Legal Authorization
The Client grants explicit legal authorization to the Service Provider to conduct penetration testing as defined in this Agreement.
The Client assumes responsibility for securing any necessary third-party consents (e.g., from hosting providers).
8. Liability Limitations
-
The Service Provider’s liability is limited to the total fees paid under this Agreement.
-
The Client agrees to indemnify the Service Provider against claims arising from the Client’s misuse of findings or failure to implement remediation steps.
The Service Provider’s liability is limited to the total fees paid under this Agreement.
The Client agrees to indemnify the Service Provider against claims arising from the Client’s misuse of findings or failure to implement remediation steps.
9. Fees and Payment
-
Total fee: $[Amount]
-
Payment terms: [X]% due upon signing, [X]% upon delivery of final report.
Late payments are subject to [X]% interest per month.
Total fee: $[Amount]
Payment terms: [X]% due upon signing, [X]% upon delivery of final report.
Late payments are subject to [X]% interest per month.
10. Termination
Either Party may terminate this Agreement with [X days] written notice.
Upon termination, the Client shall pay for all work completed up to the termination date.
11. Governing Law
This Agreement shall be governed by and construed in accordance with the laws of [State/Country].
12. Entire Agreement
This document constitutes the entire agreement between the Parties and supersedes all prior negotiations and agreements.
Signatures
Client Signature: ____________________________ Date: _________
Printed Name & Title: _________________________________________
Service Provider Signature: ____________________________ Date: _________
Printed Name & Title: _________________________________________