1. Scope of Services
TheCyberXcompany (CyberX) provides Attack Surface Assessments focused on identifying externally visible assets, exposures, vulnerabilities, and related security risks. All assessments are performed from an external perspective and are limited to the agreed scale as confirmed in writing. These services do not include internal penetration testing, social engineering, denial of service (DoS) testing, formal compliance certification, or continuous security monitoring unless explicitly agreed otherwise in a separate Service Level Agreement (SLA).
2. Nature of the Assessment
An Attack Surface Assessment represents a point-in-time evaluation based on information and exposures available during the specific assessment period. Security risks may change rapidly due to environmental updates, newly discovered vulnerabilities, or external factors beyond the control of CyberX. CyberX does not guarantee the discovery of all possible vulnerabilities or the complete absence of security risks.
3. Authorization and Ownership
By requesting an assessment, the client confirms they are legally authorized to request testing on the specified domains, systems, or digital assets. The client remains fully responsible for ensuring that assessments are conducted only on assets they own or are explicitly permitted to test.
4. Reporting and Use of Results
Assessment results are delivered in a written Architectural Security Briefing intended for the internal use of the client. Reports may not be shared with third parties, published, or redistributed without prior written consent from TheCyberXcompany, except where required by law or for formal audit preparation.
5. No Exploitation or Disruption
TheCyberXcompany performs all assessments in a non-destructive manner. No deliberate exploitation of vulnerabilities, service disruption, or data modification is performed unless explicitly requested and agreed upon in writing for advanced red-teaming purposes.
6. Recurring Assessments
Recurring Attack Surface Assessments consist of periodic reassessments based on the agreed frequency (e.g., Semi-Annual). Each assessment cycle is an independent evaluation reflecting the attack surface at that specific moment and does not constitute real-time or continuous monitoring unless specifically contracted as a bespoke monitoring service.
7. Pricing and Payment
Pricing is determined by the scope, complexity, and agreed assessment frequency. Payment can be made through credit card for online transactions or via bank transfer upon receiving a formal invoice. Invoices are payable within the agreed payment term as stated on the invoice. Additional work outside the initial agreed scope will only be performed after written approval and a supplementary quote.
8. Limitation of Liability
The liability of TheCyberXcompany is strictly limited to the fees paid for the specific assessment to which a claim relates. TheCyberXcompany shall not be liable for indirect damages, loss of revenue, reputational damage, or consequential loss arising from the findings or the assessment process.
9. Confidentiality
TheCyberXcompany treats all client information, findings, and assessment results as strictly confidential. We will not disclose any data to third parties without prior written consent, unless legally compelled to do so by competent authorities.
10. Modifications to Terms
TheCyberXcompany reserves the right to modify these Terms and Conditions at any time. Clients will be notified of any significant changes that affect ongoing service agreements. Continued use of the services following such modifications constitutes acceptance of the revised terms.