1. Authorization to Test
By submitting this form and completing payment, you ("the Client") expressly authorize PwnMyVibe ("the Tester") to perform automated and AI-assisted security testing against the web application URL specified above ("the Target"). This authorization constitutes a written agreement permitting security testing as required under applicable computer fraud and abuse laws.
2. Ownership & Authority Representation
You represent and warrant that:
- You are the owner, authorized administrator, or authorized representative of the Target application;
- You have the legal right and authority to authorize security testing against the Target;
- This testing does not violate any agreements, terms of service, or laws applicable to you or the Target;
- If the Target is hosted on a third-party platform (e.g., AWS, Vercel, Netlify), you have reviewed and are in compliance with that platform's acceptable use policy regarding penetration testing.
⚠️ Submitting a URL you do not own or are not authorized to test is illegal and may constitute a violation of the Computer Fraud and Abuse Act (CFAA) or equivalent laws in your jurisdiction.
3. Scope of Testing
The penetration test will include, but is not limited to:
- Passive and active reconnaissance (DNS, WHOIS, certificate transparency, port scanning)
- Web application scanning (technology fingerprinting, directory enumeration)
- SSL/TLS configuration analysis
- OWASP Top 10 vulnerability testing (injection, auth flaws, misconfigurations, etc.)
- API endpoint discovery and security assessment
- Frontend source code analysis for exposed credentials or secrets
Testing is limited to the single URL/domain submitted and publicly accessible components. We do not test internal networks, perform social engineering, conduct denial-of-service attacks, or attempt to exfiltrate real user data.
4. Non-Destructive Testing
Our testing methodology is designed to be non-destructive. We probe and analyze but do not intentionally exploit vulnerabilities in ways that would damage data integrity, application availability, or user privacy. However, security testing inherently carries a small risk of unintended side effects.
5. Limitation of Liability
PwnMyVibe provides this service "as-is" without warranty of any kind. We do not guarantee that all vulnerabilities will be discovered. The report is a point-in-time assessment and does not constitute ongoing security monitoring, legal advice, compliance, or professional security certification. We are not liable for any damages arising from the testing or from failure to remediate identified vulnerabilities.
6. Confidentiality
All findings, reports, and data collected during the test will be treated as confidential. Reports are delivered exclusively to the email address provided. Test data is deleted from our systems within 30 days of report delivery.
7. Indemnification
You agree to indemnify and hold harmless PwnMyVibe, its operators, and affiliates from any claims, damages, or legal proceedings arising from your misrepresentation of ownership, unauthorized testing requests, or third-party claims related to the Target.
8. Refund Policy
Due to the nature of the service, refunds are generally not available once testing has commenced. If we are unable to complete testing for technical reasons, a full refund will be issued.
9. Governing Law
This agreement shall be governed by and construed in accordance with applicable laws. Disputes shall be resolved through good-faith negotiation before pursuing formal legal remedies.