Terms & Conditions
Please read these terms carefully before engaging our penetration testing services.
Last updated:
1. Service Overview
InfosecPentest AI ("we," "us," "our") provides AI-assisted, intelligence-driven penetration testing services for web applications. Our methodology combines:
- AI-Augmented Automated Testing — Our proprietary AI agents handle approximately 70% of the testing workload, performing structured reconnaissance, vulnerability scanning, and exploit validation in significantly less time than traditional methods.
- Manual Expert Validation — Every engagement includes manual penetration testing by experienced security researchers to validate findings, test business logic, and uncover vulnerabilities that automated tools may miss.
- Comprehensive Reporting — Detailed reports covering all findings from Informational to Critical severity, with proof-of-concept exploits and remediation guidance.
2. Engagement & Authorization
By engaging our services, you ("the Client") confirm and agree to the following:
- You are the legal owner or have explicit written authorization from the owner of the system(s) to be tested.
- You will provide the agreed-upon scope (domain names, URLs, IP ranges) in writing before testing begins.
- Testing will only be performed within the authorized scope. Any out-of-scope testing requires separate written approval.
- You accept that penetration testing may cause temporary service disruptions, although we take every precaution to minimize impact.
3. Payment Terms
💳 Full Payment Required Before Testing
Full payment must be received before any testing activity begins. Upon payment confirmation, our team will schedule the engagement and commence testing as per the agreed timeline.
- Payment before commencement — No reconnaissance, scanning, or manual testing will be initiated until the full engagement fee has been received and confirmed.
- Scope confirmation — After payment, the Client must confirm the testing scope (domains, URLs) in writing. Testing begins only after both payment and scope are finalized.
- Full effort guaranteed — Every engagement receives the same level of effort: our AI agents perform automated testing (~70% of coverage), followed by manual expert testing for business logic, authentication flows, and edge cases.
- Invoice & receipt — A formal invoice and payment receipt will be provided for every engagement.
4. Service Tiers
We offer the following engagement tiers:
Standard Audit — $1,000 / 3 Days
Single domain scope. Full OWASP Top 10 coverage. AI-augmented + manual testing. Verified findings report.
Advanced Red — $3,500 / 15 Days
Multi-domain infrastructure. Extended deep testing. AI-augmented exploit discovery. Comprehensive remediation report.
Custom engagements are available upon request. All pricing is in USD unless otherwise stated.
5. Our Commitment & Deliverables
We are committed to delivering thorough, professional security assessments. For every engagement:
- All bugs are reported — whether Informational, Low, Medium, High, or Critical severity, every finding is documented. It is our duty to help secure your application, and no finding is too small to report.
- Proof-of-concept included — Each vulnerability includes a proof-of-concept exploit or detailed reproduction steps so you can verify and remediate the issue.
- CVSS scoring — All findings are scored using the Common Vulnerability Scoring System for standardized risk assessment.
- Remediation guidance — Step-by-step remediation recommendations are provided for every finding.
- Post-report support — We are available to answer questions about our findings and provide clarification during the remediation phase.
6. Testing Methodology
Our hybrid testing model works as follows:
- Phase 1 — AI Reconnaissance: Automated attack surface mapping, endpoint discovery, and technology fingerprinting.
- Phase 2 — Knowledge Analysis: CVE correlation against your detected technology stack using structured vulnerability databases.
- Phase 3 — AI-Assisted Exploitation: AI agents generate and execute context-aware payloads for OWASP Top 10 vulnerability classes (IDOR, RCE, SSRF, XSS, SQL Injection, etc.).
- Phase 4 — Manual Validation: Security researchers manually verify all automated findings and perform additional tests for business logic flaws, authentication bypass, and chained attack vectors.
- Phase 5 — Reporting: Comprehensive report generation with executive summary, technical details, and remediation plan.
7. Confidentiality
- All information obtained during testing is treated as strictly confidential.
- We will never disclose vulnerabilities, test data, or client information to any third party without prior written consent.
- Test data is securely deleted 90 days after the engagement concludes unless otherwise agreed in writing.
- We do not use client systems, data, or findings for marketing, case studies, or training purposes without explicit permission.
8. Limitation of Liability
- Our testing services are performed on a best-effort basis. We cannot guarantee the discovery of all vulnerabilities.
- We are not liable for any damages, losses, or service interruptions that may occur as a result of authorized testing activities.
- Our total liability for any claim related to our services shall not exceed the total fee paid for the specific engagement.
- We are not responsible for vulnerabilities introduced after the testing period concludes.
9. Client Responsibilities
- Provide accurate scope information and access credentials (if applicable) before testing begins.
- Ensure that all necessary internal approvals and authorizations are obtained prior to the engagement.
- Notify us promptly of any changes to the testing scope or schedule.
- Implement recommended remediation measures in a timely manner; whether and when to apply them remains at the Client's discretion.
10. Intellectual Property
- Custom tools, scripts, and AI models used during testing remain the intellectual property of InfosecPentest AI.
- Deliverable reports and findings become the property of the Client upon full payment.
- Clients may not reverse-engineer, redistribute, or resell our testing tools or proprietary methodologies.
11. Governing Law
These terms shall be governed by and construed in accordance with applicable laws. Any dispute arising from these terms or our services shall be resolved through good-faith negotiation first, and through binding arbitration if necessary.
12. Modifications
We reserve the right to update these terms at any time. Changes will be posted on this page with an updated revision date. Continued use of our services after changes constitutes acceptance of the revised terms.
13. Contact
For questions about these terms, please reach out:
- LinkedIn: linkedin.com/in/ravindramahile
- Discord: mrmahile (fastest response)
- Website: infosecpentest.com
⏰ Quick response available 10 AM – 10 PM IST