Legal & Ethics

Clear rules. Always authorized.

Forethreat performs offensive security testing only under explicit written authorization. The documents below govern every engagement and protect both you and us.

Authorization policy

No testing is performed against any system without (1) a signed services agreement, (2) an agreed written scope and rules of engagement, and (3) a signed Authorization to Test from a party with the authority to grant it. If a target is hosted by a third party (e.g., a cloud provider), additional provider authorization may be required, and it is the client's responsibility to confirm this.

Engagement documents

Each client engagement is governed by a standard document set. We provide these for signature before work begins:

Training and bootcamp participants additionally agree to a Training Services Agreement and a Code of Conduct / Acceptable-Use & Ethics policy.

Confidentiality & data handling

Findings, client data, and engagement artifacts are treated as strictly confidential, stored securely, and retained only as long as needed to deliver and support the engagement, after which they are securely destroyed on request and per the agreement.

Privacy

This website does not sell personal information. Information you submit (e.g., by email) is used solely to respond to your inquiry and deliver services. Payment processing is handled by third-party processors (Stripe, PayPal); Forethreat does not store full card numbers.

No warranty / limitation

Penetration testing is a point-in-time, best-effort activity and cannot guarantee discovery of every vulnerability or prevent all breaches. Services are provided subject to the limitation of liability set out in the signed agreement.

Note: This page is a plain-language summary, not the contract itself. The signed engagement documents control. Forethreat Security LLC is the contracting entity (registration pending). For the full templates, request them during scoping.