New Training: Explaining Key Legal Concepts

In this 5-video skill, CBT Nuggets trainer Shawn Powers discusses the legal concepts that pertain directly to penetration testing at a professional level. Watch this new CompTIA training.

Learn CompTIA with one of these courses:

• CompTIA PenTest+ (PT0-001)

• Penetration Testing Planning and Scoping

This training includes:

• 5 videos

• 16 minutes of training

You’ll learn these topics in this skill:

• Legal Concepts Introduction

• Identifying Legal Contracts

• Considering Environmental and Location Factors

• Obtaining Written Authorization

• Obeying Corporate Policies

Why You Always Need Authorization in a Penetration Testing Contract

A contract to perform penetration testing is not your typical computer services contract, as there can be serious legal ramifications if things go awry. In the United States, it's a crime to access or attempt to access a computer or computer network without authorization or in excess of this authorization.

As what constitutes authorization can be difficult to define, a penetration testing contract should not only grant you authorization to perform the testing but should also state that your customer has the legal authority to authorize the test. This is what is known as a "get out of jail free" card.

But there are also other important elements of a penetration testing contract. It should indicate what you will and won't do and specify the exact scope of the test, such as on what IP addresses you will test. If you are testing software that exists on the cloud, you should further get permission from the cloud provider.