Penetration Testing Authorisation
This page explains the legal basis under which CyberOrbit AI Pty Ltd performs active, intrusive security assessments on your behalf. Every scan you initiate is recorded against this authorisation.
1. Why this authorisation matters
CyberOrbit makes real, active network connections to the systems you specify and actively attempts to identify and, where you enable it, exploit security weaknesses in them. Without your written authorisation, that activity is a criminal offence in Australia (Criminal Code Act 1995 (Cth) s.477), the United Kingdom (Computer Misuse Act 1990), the United States (Computer Fraud and Abuse Act, 18 U.S.C. § 1030), and comparable laws elsewhere. Your attestation at the point of scan creation is CyberOrbit's — and your — legal record that testing was authorised.
2. What you confirm when you attest
Each time you create a scan, you confirm — personally and on behalf of your organisation — that:
- You are duly authorised by your organisation to grant permission for active security testing.
- You have full legal authority over, or have obtained binding written authorisation from the legal owner of, every domain, IP address, application, and system you list as a target.
- You have obtained any consent required from third parties whose systems form part of, or host, the target (for example, hosting providers, cloud platforms, ISPs, and managed service providers).
- You understand that initiating a scan without proper authorisation may constitute a criminal offence and expose you and your organisation to civil and criminal liability.
3. Scope of authorised testing
CyberOrbit will only test the targets you explicitly specify when creating a scan. No testing will be performed against systems outside that scope. If a scan discovers that a target shares infrastructure with third-party systems not listed in scope, CyberOrbit will stop and report rather than proceed. You are responsible for ensuring your listed targets are within scope for testing and that you hold the appropriate authority for each one.
4. Conduct of testing
CyberOrbit assessments are designed to:
- Use the least-destructive approach sufficient to confirm a vulnerability — proof-of-concept, not exploitation for impact.
- Avoid accessing, exfiltrating, modifying, or destroying real data beyond what is necessary to confirm a finding.
- Stop immediately if evidence of an active compromise or an out-of-scope system is detected.
- Never install backdoors, persistence mechanisms, reverse shells, or any tool that survives after the assessment completes.
5. Record keeping
Your attestation — including your full name, job title, timestamp, IP address, and the exact authorisation text shown — is stored in our database against every scan you create. This record is your legal protection as much as ours. CyberOrbit retains authorisation records for a minimum of 7 years in accordance with Australian legal record-keeping obligations.
6. Relationship to Terms of Service
This authorisation supplements, and is governed by, the CyberOrbit Terms of Service. Where this authorisation and the Terms of Service conflict on the subject of testing scope, conduct, or authorisation, this authorisation prevails.
7. Questions
If you have questions about the scope or legal basis of a planned assessment, contact our legal team before initiating the scan.
Legal inquiries
For privacy requests, data access or deletion requests, or any other legal matter, use this form. We respond within 2 business days.
CyberOrbit AI Pty Ltd · Australia