العملاء

لنا الفخر أن نخدم مؤسسات بلادنا، ونسعد بتلقي أي تكليف منكم، شريطة أن يكون صادراً ذي الصفة الإدارية التي تخوله في هذا الطلب، و أن يكون ورقياً كتابياً، ويتفق الطرفان (العميل وشركة ستاروير) فيه على البنود التي تضمن للعميل عدم الإضرار به بأي شكلٍ من الأشكال، كما يتفقان على سرية البيانات وعدم تداولها إلا بين الموقعين عليها، حتى ولو كان ذلك بين أحد موظفي الطرفين، إذا لا يجوز تسليم التقرير مثلاً لغير المفوض الذي وقع على عقد الاختبارات الأمنية نفسه.

وتختلف صيغ العقود هنا وفقاً للغتها المطلوبة (عربي/انجليزي)، ووفقاً للوضع المالي، سواء كان مجانياً كلياً للمؤسسات الحكومية، أو مجانياً مبدئياً للكيانات التجارية نقدم هنا تقريراً لا يوضح سوى ثغرة واحدة فقط)، وغير المجاني للكيانات التجارية (التقرير الكامل).

وللاطلاع على عينة من تلك العقود، فقد أرفقنا هنا مثالاً لتعاقد مجاني مع بنك تجاري:

 

 

 

 

 

 

 

Agreement for SecurityTesting

Of The Portal
www.WEBSITE.xxx

Released& signed on00th Feb. 2005.

Between:

"Starware Internet Services"based in 20 Obour Buildings, Cairo, Egypt.
Represented by Mr.xxx, as the xxx.

Herein known as ‘First Party’

“xxxx” based in .
Represented by Mr. As & Head Of division

Herein known as ‘Second Party’

 

Thepartiesagree tothe following:

 

1.The First Party will perform a security test on the Second Party’s portal mentioned above as specified in the Schedule (“Services”) as long as it can perform the Services, externally and without asking for any assistance of any kind from the Second Party or its representatives, whether before, during or after the performance of the Services, subject of this contract, except in a new contract that both parties may enter into.

2.Security scans scope will be as follows:

A: Websites: xxx

B: LAN: Yes/No

 

3.The First Party is obligated to perform Services only in accordance with the objectives of security desired, and without prejudice to the basics and standards of the networking or user interfaces, as well as without the appearance of any effect of prejudicing the interests of the Second Party morally and intellectually.

4.It is not allowed for the First Party to cause any disruption or effect changes to the network or the websites of the Second Party for any reason, even for testing purposes, which could harm the interests of the Second Party in any form or way.

5.If the First Party wants to perform a penetration testing that could affect the level of service by the Second Party, then it should obtain an additional written consent from the Second Party. Or it should perform this test in a testing environment provided by the second party to avoid any disruption to the operation of the primary portal.

6.In providing the Services, the First Party Provider must (having due regard for the security concerns inherent in remote access and control of the portal) take appropriate action and maintain appropriate protocols to satisfy its obligations for the protection and security of Second Party’s data and clients.Without limitation the First Party must ensure that:

a.no security requirement of the Second Party is breached through the remote access or control of any server or other hardware or software other than as contemplated in the Schedule;

b.no unauthorized attempt whatsoever is made to access or use in any way the Second Party’s software systems other than as contemplated in the Schedule;

c.direct or indirect access to the Second Party’s system, hardware or software is absolutely restricted to those on the First Party’s personnel who have been approved by the Second Party and who have a need for such access and that access is limited to the minimum access necessary to enable the First Party to comply with its obligations under this contract;

d.none of the Second Party’s data is changed without the express prior written approval of the Second Party;

7.The report which is offered by the First Party to the Second Party will include one vulnerability/risk which can be detected by the First Party. It should be a current risk to the “Online System” of the Second Party. A proof for that security hole is also needed.

8.The Second Party acknowledges that the security report does not include any reference to fix or debug the holes referred to, and that it is fully aware that guidance on how to re-secure will only be provided upon signing an additional contract for paid fees, which is totally differentiated from this contract.

9.The parties mustmutually agree on the date ofthe penetration testing exercise to be conducted by the First Party.

10.The Second Party shall identify a contact person who is technically sound in order to represent the Second Party in dealing with the team of the First Party.

11.The First Party is not entitled to mention any details about the content of this contract or the findings of the testing procedures, to any third party, whether within the Second Party team or others.

a.Any access by the First Party to the Second Party’s portal is only with the clear identification the individual gaining such access; and

b.Any access by the First Party to the Second Party’s portal complies with any other requirements relating to remote access set out in the Schedule (Please refer to point#9).

c.The Second Party shall identify an administrative contact person who is responsible for the managerial agreements between the two parties, and to whom should the First Party present the mentioned security report.

12.The First Party is not entitled to claim for any amount of money for the services stated in this contract.

13.This contract (including any non-contractual obligations arising out of or in connection with the same) will be governed by and construed in accordance with the laws of Egypt as applied by the courts of Cairo.

 

 

First Party:Second Party:


دعوات

  • دعوة عامة للاشتراك في فريق السرت العربي
    انضم لفريقنا إن كنت ترى نفسك أهلاً لها أخلاقياً وفنياً.. اطلع أولاً على اتفاقية التعامل بين الفريق والعضو، وسجل بياناتك في صفحة "الفريق"، ونحن سوف نتصل بك قريباً جداً.
  • دعوة لحضور مسابقة الاختراق الأخلاقي للويب
    والتي تنعقد في مركز مؤتمرات مؤسسة أخبار اليوم، في المبنى الرئيسي الكائن في 6 شارع الصحافة المتفرع من شارع الجلاء بمنتصف القاهرة، والقريب من محطة مترو أنفاق "جمال عبد الناصر".