
Thread: pentesting NDA

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    pentesting NDA

    I am new to this field and I got a project of pentesting a small medical house. I need a pentesting non-disclosure agreement template so that I can be on the safe side.

  2. #2
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote: Originally Posted by jshuja
    I am new to this field and I got a project of pentesting a small medical house. I need a pentesting non-disclosure agreement template so that I can be on the safe side.
    The best thing for you to do would be to contact a lawyer or two.
    This link will get you started, with some very generic information.
    Pre-site Inspection
    There are a lot of areas that may or may not be affected depending on the scope of the work to be done. Having said that, there may or may not be different rules/laws to pay attention to.
    Testing a medical company's patient database will be governed by different rules than, say, an Asterisk VoIP system.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Thank you for the link. But I am worried about different ways in which I can get the blame for something I wouldn't do...

  4. #4
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote: Originally Posted by jshuja
    Thank you for the link. But I am worried about different ways in which I can get the blame for something I wouldn't do...
    Which is why I mentioned contacting a lawyer. I don't think others would disagree with me either.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    This is a perfect example of why weekend warrior pentesting is not a good idea. Most companies have spent lots of money on their NDAs and it's generally considered a trade secret. If you are unsure of yourself, do those people a favor and hook them up with a real company.

  6. #6

    I agree with archangel.amael and purehate. You need to consult a lawyer. Preferably, a lawyer that either specializes in or is familiar with IT and technology. I also recommend (as would the lawyer probably) that you procure E&O insurance before you start your test. That way, if something does go south, you are financially covered.

    You state that your test is against a medical establishment. There are various laws and rules specific to this field. In the United States, I recommend that you brush up on HIPAA laws. If you are in another country, they probably have something similar that you should read up on.

    Maybe you should take up purehate's recommendation and hook up with a company that has experience doing this. If nothing else, for consultation on how to proceed.

    Good luck

    cybrsnpr
