Penetration Testing Contract The below text is a sample contract only and does not obligate XSECURITY to perform

services nder any specified terms or conditions! This contract is for ed cational p rposes only! "nly valid signed contracts will be considered binding! This contract is between XSECURITY #hereinafter referred to as the $provider%& and 'enetration Testing Services b yer #hereinafter referred to as the $client%& for the s pply of 'enetration Testing services by the provider for the client! (hereas the provider provides certain comp ter and systems sec rity cons lting and testing services incl ding 'enetration Testing services) and (hereas the client wishes to retain the provider to provide comp ter and systems sec rity services) specifically 'enetration Testing services) therefore The client does hereby retain the provider for the p rpose of providing 'enetration Testing services on the client*s comp ters and+or systems! The ob,ective of the 'enetration Testing service is to identify and report on sec rity v lnerabilities to allow the client to close the iss es in a planned manner) th s significantly raising the level of their sec rity protection! The client nderstands that Internet sec rity is a contin ally growing and changing field and that testing by XSECURITY does not mean that the client*s site is sec re from every form of attac-! There is no s ch thing as .//0 sec rity testing) and for example it is never possible to test for v lnerabilities in software or systems that are not -nown at the time of testing or the mathematically complete set of all possible inp ts+o tp ts for each software component in se! 1 rther sec rity breaches can and fre2 ently do come from internal so rces whose access is not a f nction of system config ration and+or external access sec rity iss es! The client has provided the provider with certain re2 ired information regarding the scope and range of the tests and the client hereby warrants that all information provided is tr e and acc rate and that the client owns or is a thori3ed to represent the owners of the comp ters and systems described! The client f rther warrants and represents that he+she is a thori3ed to enter into binding legal agreements! The provider has provided a written 2 ote for the services contracted! The client prior to any services being performed by the provider shall ma-e payment for contracted services in f ll! 4 copy of the written 2 ote is attached to this contract as Sched le 4!

The provider anticipates completion of the 2 oted services within 56 days of -ic-7off! 8ic-7off is defined as the day first day that the provider has received cleared payment in f ll for all services as well as original signed contracts! Since the services rendered re2 ire a -ic-7off interview and a post7scan review cond cted with the client) final sched le o tcome is contingent pon client availability! In the event that the services rendered are ongoing) the sched le applies only to the first occ rrence of testing with f rther occ rrences to be sched led individ ally and+or periodically! The provider shall be nder no liability whatever to the b yer for any indirect loss and+or expense #incl ding loss of profit& s ffered by the b yer arising o t of a breach by the provider of this contract! In the event of any breach of this contract by the provider the remedies of the b yer shall be limited to a maxim m of fees paid by the client! 9oth parties shall maintain this contract as confidential! :o information abo t this contract) contract terms) or contract fees shall be released by either party! Information abo t the client*s b siness or comp ter systems or sec rity sit ation that the provider obtains d ring the co rse of it*s wor- will be released to any third party witho t prior written approval! The provider may assign or s b7contract all or any part of its rights and obligations nder this contract to third parties witho t the client*s prior written consent! The provider tili3es a team approach employing experts to test different sec rity aspects! 4ll s b7 contractors employed by the provider shall) however) be bo nd by the terms and conditions of this contract! The provider and the client have imparted and may from time to time impart to each other certain confidential information relating to each other*s b siness incl ding specific doc mentation! Each party agrees that it shall se s ch confidential information solely for the p rposes of the service and that it shall not disclose directly or indirectly to any third party s ch information either expressed or otherwise! (here disclos re to a third party by either party is essential s ch party with the agreement of the other party will prior to any s ch disclos re obtain from any s ch third party d ly binding agreements to maintain in confidence the information to be disclosed to the same extent at least as the parties are bo nd! This contract is s b,ect to the laws of the State of :ew Yor-) US4! 4ll disp tes arising o t of this contract shall be s b,ect to the excl sive , risdiction of the State of ;aryland) US4! :either party shall be liable for any defa lt d e to any act of <od) war) stri-e) loc-o t) ind strial action) fire) flood) dro ght) storm or other event beyond the reasonable control of either party!

XSECURITY Signat re

Title

=ate

Company X

Signat re

Title

=ate