[Owasp-leaders] Sample Scan Auth Letter

Josh Sokol josh.sokol at owasp.org
Fri Sep 27 14:08:05 UTC 2013


Patrick,

This is the one that I've been using for years....

*Memorandum for File*

*Subject:* Vulnerability Assessment and Penetration Testing Authorization

*Date:* 9/27/2013



To properly secure this organization's information technology assets, the
information security team is required to assess our security stance
periodically by conducting vulnerability assessments and penetration
testing.  These activities involve scanning our desktops, laptops, servers,
network elements, and other computer systems owned by this organization on
a regular, periodic basis to discover vulnerabilities present on these
systems.  Only with knowledge of these vulnerabilities can our organization
apply security fixes or other compensating controls to improve the security
of our environment.

The purpose of this memo is to grant authorization to specific members of
our information security team to conduct vulnerability assessments and
penetration tests against this organization's assets.  To that end, the
undersigned attests to the following:

1) <INSERT TESTER NAMES HERE> have permission to scan the organization's
computer equipment to find vulnerabilities.  This permission is granted
from 9/27/2013 until 9/27/2014.

2) <INSERT EXECUTIVE NAME HERE> has the authority to grant this permission
for testing the organization's Information Technology assets.



Signature:  _______________________

<EXECUTIVE NAME>

<EXECUTIVE TITLE>

Date: __________________________



On Fri, Sep 27, 2013 at 9:02 AM, Patrick Laverty
<patrick.laverty at owasp.org> wrote:

> Does anyone have a sample of a scanning authorization letter they're able
> and willing to share? This is different from the scope of work, this is
> more the get out of jail free letter. This is "I'm going to scan your x, y,
> z on this date, and your stuff could break." and where it gets signed by
> both parties.
>
> I'm googling but not coming up with much for samples.
>
> Thank you.
>
> Patrick Laverty
> OWASP RI
>