We will ask the Client to provide a written consent to perform security tests. We will need a proof of Client's ownership of a related service.
We will conduct security testing over a period of 1-3 days. We then report one discovered security flaw, and provide a general insight into the shape of Client platform's security.
We keep all given access confidential. All provided code or technical information, if any, will be stored on an encrypted device and destroyed after the testing is completed.
We keep all discovered security flaws, generated reports and its contents strictly confidential.
We reserve the right to mention Client's brand name, company name, and that we performed cyber security tests on our websites.
In case there is no staging or test environment provided we will only be able to use non-intrusive measures. We can only perform intrusive tests on a staging environment. We might refuse to perform security testing on a live environment.
We don't take responsibility for any possible issues, damage or performance decrease, as a result of security testing. Tests are free thus come with no warranty.