Legal Document Version 1.0

Terms of Engagement

Last Updated: March 7, 2026

These Terms of Engagement ("Terms") govern the security testing services provided by Researcherlian Security Research ("Researcherlian," "we," "us," or "our") to you ("Client," "your"). By engaging our services, you agree to be bound by these Terms.

⚠️ IMPORTANT: Please read these Terms carefully before submitting any system for testing. These Terms constitute a legally binding agreement between you and Researcherlian.

1. Scope of Services

1.1 Authorized Testing

Researcherlian agrees to perform security assessment services as mutually agreed upon in the Statement of Work (SOW) or testing request form. The scope includes:

  • Web application security testing
  • API security analysis
  • Mobile application assessment
  • Vulnerability identification and verification
  • Detailed reporting with remediation guidance

1.2 Out of Scope

The following activities are explicitly excluded unless otherwise agreed in writing:

  • Denial of Service (DoS) attacks
  • Social engineering or phishing attempts
  • Physical security assessments
  • Testing of third-party systems without explicit authorization
  • Exploitation that could cause data loss or service disruption

2. Client Responsibilities

2.1 Ownership Verification

Client represents and warrants that they own or have explicit written authorization to test all systems, applications, and data provided for assessment. Client agrees to provide proof of ownership upon request, which may include:

  • Domain email verification
  • DNS TXT record confirmation
  • Meta tag verification on website
  • Legal documentation of ownership

2.2 Notification

Client shall notify all relevant stakeholders, including IT staff, developers, and third-party service providers, of the scheduled security testing to prevent unnecessary alerts or incident response activations.

2.3 Access and Credentials

If testing requires authenticated access, Client shall provide necessary credentials and ensure they have the appropriate permission levels for comprehensive testing.

3. Testing Methodology

3.1 Approach

Researcherlian employs industry-standard testing methodologies including:

  • OWASP Testing Guide
  • PTES (Penetration Testing Execution Standard)
  • NIST SP 800-115
  • Custom research techniques

3.2 Tools and Techniques

Testing may involve both automated and manual techniques, including:

  • Automated vulnerability scanning
  • Manual penetration testing
  • Code review (if source code provided)
  • Traffic interception and analysis

🛡️ ETHICAL BOUNDARIES: Researcherlian operates strictly within ethical hacking guidelines. We do not exfiltrate data, cause service disruptions, or exploit vulnerabilities beyond what is necessary for verification.

4. Deliverables

4.1 Security Assessment Report

Upon completion, Researcherlian will provide a comprehensive report including:

  • Executive summary for management
  • Technical findings with proof of concept
  • Risk ratings (Critical, High, Medium, Low)
  • Step-by-step remediation guidance
  • Retesting recommendations

4.2 Timeline

Initial reports will be delivered within 5-10 business days after testing completion, depending on scope complexity. Urgent critical findings may be communicated immediately.

5. Confidentiality

5.1 Non-Disclosure

Researcherlian agrees to maintain strict confidentiality regarding all Client information, including:

  • System architecture and code
  • Identified vulnerabilities
  • Business logic and proprietary information
  • Employee and customer data

5.2 Data Handling

All Client data will be:

  • Stored on encrypted systems
  • Accessible only to authorized researchers
  • Deleted within 30 days after project completion unless otherwise agreed
  • Never shared with third parties without explicit consent

6. Limitations of Liability

6.1 No Guarantee

While Researcherlian exercises reasonable care and skill, security assessments cannot guarantee the discovery of all vulnerabilities. No testing methodology can provide 100% assurance of security.

6.2 Liability Cap

To the maximum extent permitted by law, Researcherlian's total liability shall not exceed the fees paid for the specific engagement giving rise to the claim.

6.3 Service Interruption

Researcherlian is not liable for any service interruptions, data loss, or business interruption resulting from security testing, provided such testing was conducted within the agreed scope and with reasonable care.

7. Intellectual Property

7.1 Client IP

All Client intellectual property, including tested systems, code, and data, remains the sole property of the Client.

7.2 Researcher IP

Researcherlian retains ownership of testing methodologies, tools, and generic findings not specific to Client systems. The final report is licensed for Client's internal use.

8. Payment Terms

8.1 Fees

Testing fees are as agreed in the SOW or testing request confirmation. Unless otherwise specified:

  • 50% deposit required before testing commences
  • 50% due upon report delivery
  • Invoices payable within 15 days

8.2 Cancellation

Cancellations received less than 48 hours before scheduled testing may incur a 25% cancellation fee.

9. Termination

9.1 By Client

Client may terminate the engagement at any time with written notice. Fees for work completed up to the termination date will be due.

9.2 By Researcherlian

Researcherlian may terminate with immediate notice if Client violates these Terms, including unauthorized testing scope expansion or failure to provide required access.

10. Governing Law

These Terms shall be governed by and construed in accordance with the laws of Nigeria, without regard to its conflict of laws provisions. Any disputes shall be resolved through binding arbitration in Katsina, Nigeria.

Contact Information

For questions about these Terms of Engagement, please contact:

  • researcherlian@gmail.com
  • +234 702 624 2926
  • Katsina, Nigeria

© 2026 Researcherlian Security Research · All rights reserved