HOW WE WORK TOGETHER

Terms and Conditions
___

Contents

Part A: Engagement Terms

·         1. Scope of Services

·         2. Commercial Terms

·         3. Service Delivery

·         4. Client Responsibilities

·         5. Deliverables and Acceptance

Part B: Intellectual Property, Confidentiality and Data

·         6. Intellectual Property

·         7. Confidential Information

·         8. Client Data

Part C: On-Premises Appliance Deployment

·         9. Appliance Licence

·         10. Permitted Use

·         11. Prohibited Actions

·         12. Hypervisor Environment Requirements

·         13. Appliance Data Handling

·         14. Appliance Return and Destruction

·         15. Audit Rights

·         16. Virtualisation Limitations

Part D: Liability and Risk

·         17. Warranty Disclaimer

·         18. Limitation of Liability

·         19. Indemnity

·         20. Security Incident Notification

·         21. Force Majeure

Part E: General Conditions

·         22. Anti-Corruption

·         23. Termination

·         24. Assignment

·         25. Variation

·         26. Waiver

·         27. Severability

·         28. Entire Agreement

·         29. Relationship of Parties

·         30. Execution

·         31. Survival

·         32. Governing Law and Jurisdiction

Part F: Legislation and Regulations

·         33. Applicable Legislation

Part G: Glossary of Terms

·         34. Definitions

Part A: Engagement Terms

1. Scope of Services

1.1  Block8 provides AI-powered penetration testing services, including vulnerability assessment, exploitation testing, and security reporting. Services may be delivered remotely or through on-premises deployment of the Pallas Security Appliance, as specified in the Letter of Engagement (LoE).

1.2  The scope of each engagement is defined in the LoE. Block8 will perform the Services in accordance with the scope, methodology, and timeframes specified in the LoE.

1.3  The Client represents and warrants that they possess full and unencumbered ownership of, or have obtained all necessary authorisations, consents, and permissions for, all Internet Protocol (IP) addresses and Domain Name Service (DNS) addresses submitted to Block8 for testing, including authorisations from Internet Service Providers (ISP).

1.4  The Client hereby authorises Block8 to perform the testing activities described in the LoE on the specified targets. This authorisation constitutes the Client's informed consent for the purposes of Part 10.7 of the Criminal Code Act 1995 (Cth) and equivalent provisions in applicable jurisdictions. The Client acknowledges that this authorisation is essential for the lawful performance of the Services.

1.5  Prior to the commencement of each penetration test, Block8 will issue Rules of Engagement (RoE) specific to that test. The RoE will specify the targets, testing methodology, timing, escalation procedures, exclusions, and any operational constraints for the engagement. The Client must review and accept the RoE before testing commences. Testing will not proceed until the RoE has been accepted by the Client.

1.6  Where the RoE conflicts with the LoE, the RoE prevails to the extent of the inconsistency for that specific engagement. Where the RoE conflicts with these Terms and Conditions, these Terms and Conditions prevail.

2. Commercial Terms

2.1  Commercial agreements between Block8 and the Client are defined by the Letter of Engagement (LoE).

2.2  All engagements are provided on a fixed price basis, based on the fixed scope defined in the LoE.

2.3  LoEs are valid for 30 days from the date of issue.

2.4  Payment is required prior to delivery of the engagement unless otherwise specified in the LoE.

2.5  Block8 reserves the right to modify pricing, descriptions, and availability of Services without prior notice. Any such modifications do not affect engagements already subject to an executed LoE.

3. Service Delivery

3.1  Engagements comprise Scheduling, Testing, and Reporting phases.

3.2  Unless otherwise specified in the LoE, all penetration testing and vulnerability assessment activities will be performed remotely.

3.3  Where the LoE specifies on-premises deployment of the Pallas Security Appliance, the additional terms in Part C of these Terms and Conditions apply.

3.4  Block8 does not guarantee the availability, functionality, or accuracy of the Services at all times. Block8 is not liable for any interruptions or delays in the Services due to technical issues, maintenance, or other unforeseen circumstances.

3.5  All documentation will be provided using Block8 standard templates.

4. Client Responsibilities

4.1  The Client is responsible for ensuring that on the dates and times requested for testing, no business-critical activities are being undertaken involving the technologies scheduled for testing.

4.2  The Client acknowledges that penetration testing may, in rare circumstances, cause service interruption or outage. The Client accepts this risk and must take appropriate steps to prevent or mitigate any potential issues caused by testing.

4.3  The Client must provide Block8 with timely access to all systems, environments, and information reasonably required to perform the Services.

5. Deliverables and Acceptance

5.1  Deliverables are defined as Reports.

5.2  Deliverables will be deemed accepted if no response is received within 5 business days from the date of delivery.

5.3  Block8 offers a free re-test of all vulnerabilities within 60 days of the original test, allowing the Client to remediate identified vulnerabilities and obtain a clear test report with certificate.

Part B: Intellectual Property, Confidentiality and Data

6. Intellectual Property

6.1  Each party retains all rights to its intellectual property owned prior to entry into the engagement.

6.2  The use of a party's intellectual property by the other party under or in connection with the engagement does not transfer or imply the transfer of ownership.

6.3  Unless otherwise agreed in writing, all reports, findings, and deliverables produced by Block8 for the Client under the engagement ("Work Product") are owned by the Client upon payment in full. Block8 retains all rights in its pre-existing intellectual property, methodologies, tools, and frameworks used to produce the Work Product.

6.4  The Client may use the Work Product for its internal business purposes. The Client must not distribute, publish, or make available any Work Product to third parties without Block8's prior written consent, except as required by law or regulation.

6.5  Block8 has no liability where an allegation of infringement is the result of:

·         a modification of the engagement not performed or approved by Block8; or

·         use with any non-Block8 supplied third-party product.

7. Confidential Information

7.1  The Confidential Information of each party is valuable to it. Each party must keep the Confidential Information of the other party confidential.

7.2  A recipient of Confidential Information may only use it for the purposes of performing its obligations under the engagement.

7.3  A recipient must not disclose Confidential Information except:

·         where the recipient is Block8: to employees, officers, and directors of Block8 on a strict "need to know" basis;

·         where the recipient is the Client: to employees, officers, and directors of the Client; or

·         to any other person with the discloser's prior written consent, provided such persons are bound by confidentiality obligations consistent with this agreement.

7.4  Confidentiality obligations commence on the date of the engagement and continue for two (2) years after the engagement expires or is terminated, unless the discloser is bound by a third-party obligation requiring a longer or indefinite period.

7.5  On termination, each party must, at the other party's option, destroy or return the other party's Confidential Information, including any copies.

8. Client Data

8.1  Client Data remains the property of the Client at all times.

8.2  Except as required by law, Block8 must:

·         not use Client Data for any purpose other than performing its obligations under the engagement;

·         not sell, commercially exploit, mine, analyse, let for hire, assign rights in, or otherwise dispose of any Client Data;

·         not make Client Data available to any third party other than an approved subcontractor and then only as necessary for the subcontractor to perform; and

·         not remove or transfer Client Data to any non-Client premises or systems without the Client's prior written approval.

Part C: On-Premises Appliance Deployment

This Part applies where the Letter of Engagement specifies the deployment of the Pallas Security Appliance to the Client's infrastructure. The terms in this Part supplement the terms in Parts A and B. Where this Part conflicts with Parts A or B, this Part prevails to the extent of the inconsistency.

9. Appliance Licence

9.1  Block8 grants the Client a non-exclusive, non-transferable, non-sublicensable, revocable licence to use the Appliance solely for the purpose of the engagement described in the Letter of Engagement, for the duration of the Engagement Period only.

9.2  This licence does not include any right to access, inspect, modify, copy, or create derivative works from the Appliance Software, the Appliance's disk image (VHD/VMDK), file systems, or container images, except as expressly permitted by this Part or by mandatory provisions of applicable law that cannot be excluded by contract.

9.3  All Appliance Software, and all intellectual property rights therein, remain the sole and exclusive property of Block8 at all times.

9.4  Block8 represents and warrants that, to the best of its knowledge, the Appliance Software does not infringe the intellectual property rights of any third party. Block8 will indemnify the Client against any third-party claim that the Appliance Software infringes that third party's intellectual property rights, provided the Client:

·         promptly notifies Block8 in writing of the claim;

·         grants Block8 sole control of the defence and settlement of the claim; and

·         provides Block8 with reasonable assistance at Block8's cost.

9.5  The licence terminates automatically upon completion, termination, or expiry of the Engagement Period.

10. Permitted Use

The Client may:

·         operate the Appliance in accordance with Block8's deployment guide and operational documentation;

·         access the Appliance's management interface using the credentials provided by Block8;

·         review and use the reports, findings, and deliverables generated by the Appliance as outputs of the engagement; and

·         take virtual machine backups of the Appliance for disaster recovery purposes only, provided such backups are encrypted, subject to the same access controls and obligations as the Appliance itself, and destroyed in accordance with clause 14.

11. Prohibited Actions

11.1  The Client must not, and must ensure that its employees, contractors, and agents do not:

·         reverse engineer, decompile, disassemble, or otherwise derive the source code or design of any Appliance Software, except to the extent that such activity is expressly permitted by sections 47B(3), 47D, or 47E of the Copyright Act 1968 (Cth) and cannot be excluded by agreement under section 47H of that Act, or by equivalent mandatory provisions of the law of the jurisdiction in which the Client is located that cannot be excluded by contract;

·         copy, extract, export, or create derivative works from the Appliance's disk image, file systems, container images, or any component thereof;

·         take memory snapshots, checkpoints, or memory dumps of the running Appliance virtual machine for any purpose other than disaster recovery expressly agreed in writing with Block8;

·         mount, inspect, or modify the Appliance's virtual disk image (VHD/VMDK) outside of normal operational use;

·         attempt to bypass, circumvent, or disable any security mechanism of the Appliance, including but not limited to disk encryption, boot protection, authentication controls, or network access restrictions;

·         share, distribute, or make available to any third party any component, configuration, or output of the Appliance beyond the agreed deliverables of the engagement; or

·         use the Appliance, or any information derived from the Appliance, to develop, enhance, or inform any product or service that competes with Block8's services, or provide such information to any third party for that purpose.

11.2  The Client must implement reasonable technical and administrative controls to prevent the actions described in clause 11.1.

12. Hypervisor Environment Requirements

The Client must:

·         restrict Hypervisor administrative access to authorised personnel only, with access logged and auditable;

·         not enable virtual machine checkpoint or snapshot functionality on the Appliance during the Engagement Period unless expressly agreed in writing with Block8;

·         notify Block8 without unreasonable delay, and in any event within 24 hours, of any suspected or actual unauthorised access to the Hypervisor environment hosting the Appliance; and

·         provide Block8 with reasonable access to Hypervisor audit logs upon request for the purpose of verifying compliance with this clause.

13. Appliance Data Handling

13.1  All penetration testing data, scan results, and findings generated by the Appliance during the engagement are jointly confidential information between Block8 and the Client, subject to the confidentiality provisions in Part B.

13.2  The Client acknowledges that the Appliance contains encrypted data stores. The passphrase for these stores is set during provisioning. Block8 is not responsible for data loss resulting from loss of the encryption passphrase by the Client.

13.3  Upon engagement completion, Block8 will initiate a secure factory reset of the Appliance that cryptographically destroys all engagement data and encryption keys.

14. Appliance Return and Destruction

14.1  Upon completion, termination, or expiry of the Engagement Period:

·         Block8 will initiate a secure factory reset of the Appliance remotely, cryptographically destroying all engagement data and encryption keys;

·         the Client must, within 7 business days, permanently delete all copies of the Appliance disk image (VHD/VMDK) from all storage media, including backups, snapshots, and disaster recovery systems;

·         the Client must provide written confirmation of destruction, signed by an authorised officer of the Client, within 5 business days upon Block8’s request; and

·         Block8 reserves the right to remotely disable the Appliance if the Client has not provided destruction confirmation within the required timeframe.

14.2  This clause does not require the Client to delete data that the Client is required to retain under applicable law or regulation, provided the Client notifies Block8 in writing of any such retention requirement and the specific data retained.

15. Audit Rights

Block8 reserves the right, upon reasonable written notice to the Client, to audit the Hypervisor environment hosting the Appliance, including review of checkpoint and snapshot logs, access records, and administrative activity logs, for the purpose of verifying the Client's compliance with this Part.

16. Virtualisation Limitations

16.1  The Client acknowledges that virtual machine deployment inherently places trust in the Hypervisor environment. Block8 has implemented industry-standard security measures within the Appliance, including full-disk encryption, boot protection, network isolation, and access controls.

16.2  Block8 does not warrant that its security measures will prevent all forms of access by a Hypervisor Administrator who deliberately circumvents the Appliance's security controls through exploitation of the Hypervisor's inherent visibility into the virtual machine's memory and storage. This limitation applies to all virtual machine deployments across the industry and is not specific to Block8 or the Appliance. The protections in clauses 11 (Prohibited Actions), 12 (Hypervisor Environment Requirements), and 15 (Audit Rights) are contractual controls that address this residual risk.

Part D: Liability and Risk

17. Warranty Disclaimer

17.1  The Services are provided "as is." To the fullest extent permitted by law, Block8 disclaims all warranties, express or implied, including implied warranties of merchantability and fitness for a particular purpose. Block8 does not warrant that the Services will identify all vulnerabilities or that the Client's systems will be secure following the engagement.

17.2  Nothing in this clause excludes, restricts, or modifies any consumer guarantee or right that applies under the Australian Consumer Law (Schedule 2, Competition and Consumer Act 2010) or any equivalent legislation that cannot be excluded, restricted, or modified by agreement.

18. Limitation of Liability

18.1  To the fullest extent permitted by law, except for intellectual property infringement claims, breach of confidentiality, personal injury or death, loss or damage to property of the Client, fraud, or wilful misconduct, Block8's liability to the Client for any damage, loss, or liability for any cause whatsoever, regardless of the form of action, is limited to the total amount of fees paid by the Client under the applicable engagement during the 12 months preceding the event giving rise to the claim.

18.2  The limitation of liability in clause 18.1 does not apply to a breach of clause 11 (Prohibited Actions) by the Client. The Client's liability for breach of clause 11 is uncapped.

18.3  In the event of a breach of clause 11 (Prohibited Actions) or clause 12 (Hypervisor Environment Requirements) by the Client, the Client is liable for:

·         the commercial value of any intellectual property accessed, copied, or derived as a result of the breach;

·         Block8's reasonable costs of incident response, investigation, and remediation;

·         any loss of revenue, loss of anticipated profits, or loss of business opportunity suffered by Block8 that is reasonably attributable to the breach; and

·         Block8's legal costs on a solicitor-client basis incurred in enforcing these Terms.

19. Indemnity

19.1  The Client indemnifies Block8 against any loss, damage, cost, expense, or claim arising from:

·         the Client's failure to comply with the Hypervisor environment requirements in clause 12;

·         the Client's failure to comply with the return and destruction obligations in clause 14; or

·         any breach of the prohibited actions in clause 11.

20. Security Incident Notification

20.1  The Client must notify Block8 without unreasonable delay, and in any event within 24 hours, of any suspected or actual security incident affecting the Appliance or the Hypervisor environment hosting it.

20.2  Block8 will notify the Client without unreasonable delay, and in any event within 72 hours, if Block8 becomes aware of any security incident affecting the Appliance that has resulted in, or is likely to result in, unauthorised access to Client data.

21. Force Majeure

Neither party is liable for failure to perform its obligations under these Terms to the extent caused by circumstances beyond its reasonable control, including but not limited to natural disasters, war, terrorism, pandemic, or government action. For the avoidance of doubt, cyber attacks, security incidents, data breaches, and technology failures are expressly excluded from this clause and are governed by the security incident notification and liability provisions of these Terms.

Part E: General Conditions

22. Anti-Corruption

22.1  Each party warrants that it has not made, and will not make, any unlawful payment or offer of anything of value to any public official or other person in breach of any applicable anti-corruption law in connection with this engagement.

22.2  Each party must cooperate with reasonable requests from the other party for information relating to anti-corruption compliance.

23. Termination

23.1  Either party may terminate the engagement by written notice if the other party materially breaches these Terms and fails to remedy the breach within 14 days of written notice of the breach.

23.2  Block8 may additionally suspend or terminate the Client's access to the Services immediately and without notice for any violation of clause 11 (Prohibited Actions).

23.3  Upon termination, the Client's right to use the Services ceases immediately, and Block8 may delete the Client's data unless required by law to retain it.

23.4  On termination of the engagement, the accrued rights and remedies of each party remain unaffected.

24. Assignment

Except as expressly permitted by these Terms, a party must not assign any of its rights and obligations without the prior written consent of the other party. That consent may be given or withheld at a party's absolute discretion.

25. Variation

No variation of these Terms is valid unless it is in writing and signed by or on behalf of each of the parties.

26. Waiver

Any waiver by a party of any term, condition, or obligation, whether express or implied, does not operate as a waiver of a continuing or recurring breach of the same or any other term, condition, or obligation.

27. Severability

The provisions of these Terms are divisible and severable. If any provision is found or declared invalid, void, voidable, or unenforceable, the remaining provisions remain valid and enforceable.

28. Entire Agreement

These Terms, together with the applicable Letter of Engagement and Rules of Engagement, embody the entire agreement and understanding between the parties with respect to all matters referred to in them. The order of precedence is: (1) these Terms and Conditions; (2) the Rules of Engagement; (3) the Letter of Engagement.

29. Relationship of Parties

29.1  These Terms do not create a partnership, agency, fiduciary, or any other relationship except the relationship of contracting parties.

29.2  No party is liable for an act or omission of another party except to the extent set out in these Terms.

29.3  A person who is not a party to these Terms does not have any rights under or in connection with them.

30. Execution

30.1  These Terms are properly executed if each party executes the engagement agreement or an identical document.

30.2  Evidence of execution may be shown by email or a PDF copy of the executed agreement.

31. Survival

Subject to the conditions applied to Intellectual Property, Confidentiality, and Client Data, the obligations in these Terms survive the termination or purported termination of the engagement. The provisions of Part C (On-Premises Appliance Deployment) — including clause 11 (Prohibited Actions), clause 14 (Return and Destruction), and clause 18.2 (uncapped liability for Prohibited Actions breach) — survive termination indefinitely.

32. Governing Law and Jurisdiction

32.1  These Terms are governed by the laws of Western Australia, Australia.

32.2  Any dispute arising under or in connection with these Terms will be resolved in accordance with the dispute resolution provisions of the Letter of Engagement. If no dispute resolution provisions are specified, the parties submit to the exclusive jurisdiction of the courts of Western Australia and any courts competent to hear appeals from those courts.


Part F: Legislation and Regulations

33. Applicable Legislation

The following laws and regulations apply to engagements carried out in the stated jurisdictions or concerning the specified subject matter:

Australian Commonwealth Legislation

·         Privacy Act 1988 (Cth) and subsequent amendments

·         Copyright Act 1968 (Cth) — including sections 47B, 47D, 47E, 47H (computer program exceptions)

·         Corporations Act 2001 (Cth)

·         Cybercrime Act 2001 (Cth)

·         Criminal Code Act 1995 (Cth) — Part 10.7 (computer offences)

·         Cyber Security Act 2024 (Cth) — mandatory ransomware reporting obligations

Australian State and Territory Privacy Legislation

·         Information Privacy Act 2014 (Australian Capital Territory)

·         Information Act 2002 (Northern Territory)

·         Privacy and Personal Information Protection Act 1998 (New South Wales)

·         Information Privacy Act 2009 (Queensland)

·         Personal Information Protection Act 2004 (Tasmania)

·         Privacy and Data Protection Act 2014 (Victoria)

·         Freedom of Information Act 1992 (Western Australia)

International Legislation

·         EU General Data Protection Regulation (EU 2016/679) — where Client data includes data of EU residents

·         EU Directive 2009/24/EC (Computer Programs Directive) — Article 6 (interoperability decompilation right) where the Client is located in the EU

Part G: Glossary of Terms

34. Definitions

In these Terms and Conditions, unless the context otherwise requires:

Adaptive Process

A dynamic approach that adjusts its behaviour or parameters in response to changing conditions or feedback. It involves continuous monitoring, evaluation, and modification to achieve optimal performance or outcomes.

AI

Artificial Intelligence. Human intelligence simulated by software-coded activities, enabling machines to perform tasks that typically require human cognition.

Appliance

See Pallas Security Appliance.

Appliance Software

All software, tooling, methodologies, AI models, prompts, configurations, scripts, container images, and automation contained within the Pallas Security Appliance.

Block8/Block8.ai

Block8.ai Pty Ltd (ACN 682 456 140, ABN 42 682 456 140).

Client

The party entering into a Letter of Engagement or Statement of Work with Block8 for the provision of Services.

Client Data

Data owned by the Client that is provided to or accessed by Block8 in the course of performing the Services.

Cloud

Cloud Computing. The use of a network of remote servers hosted on the internet to store, manage, and process data, rather than using a local server or a personal computer. The most common cloud computing services are provided by Amazon, Microsoft and Google.

Cloud Based Scalability

Use of cloud technology to provide an infinitely scalable solution allowing the organisation to grow in the confidence that the cloud solution has the capability to match that growth.

Confidential Information

Information that is considered by either party to be data which is private to that organisation and should not be shared or made publicly available. This term may incorporate privacy information.

Cyber

The term commonly used in place of "information security" to define the industry of protecting the Confidentiality, Integrity and Availability of the information that is owned by or entrusted to an organisation.

Engagement Period

The period specified in the Letter of Engagement during which the Services are to be performed or the Appliance is deployed to the Client's infrastructure.

Exploit

The act of taking advantage of a weakness or flaw in a system, software, or hardware to gain unauthorised access, execute malicious code, or cause harm.

Human Validation

Block8's process of employing human penetration testing Subject Matter Experts (SME) to validate all AI processes, reducing the potential for error and providing clients with the best of both worlds.

Hypervisor

The virtualisation platform (such as Microsoft Hyper-V, VMware ESXi, or equivalent) that creates and manages virtual machines on the Client's physical server infrastructure.

Hypervisor Administrator

Any person with administrative access to the Hypervisor hosting the Appliance, including the ability to create, modify, snapshot, or inspect virtual machines.

JIT

Just in Time. The practice of providing access to systems, information, or services only when required for a justified task.

Legislation

The implementation of law through the production and approval of Acts such as the Privacy Act.

LLM

Large Language Model. A language model trained and used in AI by machine learning processes, consisting of vast amounts of textual content.

LoE

Letter of Engagement. The document that defines in detail the service to be provided, including targets, originating IP addresses, conditions, and contact details. The LoE is normally required to have been signed by the Client before a test can commence.

Next Generation Penetration Testing

Block8 provides the next level of evolution in penetration testing, utilising the power of AI technologies and the vast experience gained by human penetration test experts.

OAIC

The Office of the Australian Information Commissioner. The government regulatory body that regulates the Privacy Act and its subsequent amendments.

Pallas Security Appliance (or "Appliance")

Block8's proprietary virtual machine image containing the AI-driven penetration testing framework, deployed to client infrastructure for on-premises security assessment engagements.

PCI

Payment Card Industry. The industry regulation for the secure handling of credit card information. Any organisation that wishes to store, process or transmit credit card information is required to comply with the PCI Data Security Standard (DSS).

Penetration Test

A controlled attack on a computer system, network, or application to identify security vulnerabilities that threat actors might exploit.

Privacy

A fundamental human right that underpins freedom of association, thought and expression, as well as freedom from discrimination. In Australia, privacy is defined through the Privacy Act 1988 (Cth) and subsequent amendments.

Regulatory Compliance

The regulators of many industries impose compliance requirements upon organisations working within that industry.

Report

The document providing information regarding the conduct of the test, including an Executive Summary, details of key findings, and detailed remediation advice.

Re-Test

A subsequent test that takes into account remediation activities performed by the Client following the initial penetration test.

RoE

Rules of Engagement. The document issued by Block8 prior to each penetration test specifying the targets, testing methodology, timing, escalation procedures, exclusions, and operational constraints for that specific engagement. The Client must accept the RoE before testing commences.

Self Service Reporting

Block8 provides the ability for clients to define their own reporting requirements, ensuring that an organisation receives the level of reporting specifically necessary to that organisation.

Services

The penetration testing, vulnerability assessment, security reporting, and related services provided by Block8 under a Letter of Engagement.

SoW

Statement of Work. The agreed definition of the service to be provided, including details of scope and extent of work.

T&Cs

Terms and Conditions. These Terms and Conditions as published and updated from time to time.

Test

An assessment by which an organisation can gain a detailed understanding of the security status of their networks and systems.

Threat Actor

Any individual, group, or entity that intentionally causes harm or disruption to computer systems, networks, or data, often by exploiting vulnerabilities.

Threat Intelligence

The process of gathering, analysing, and interpreting information about existing and potential cyber threats to help organisations proactively defend against them.

Vulnerability

A weakness in a computer system, network, device, or software that can be exploited by a threat actor to gain unauthorised access, cause damage, or disrupt operations.

Vulnerability Assessment (VA)

The identification of vulnerabilities within a target environment. VA is the first phase in a penetration test.

Web Application

A software program that is internet-facing and can be accessed by authorised persons from locations external to the hosting organisation.

Work Product

All reports, findings, deliverables, and documentation produced by Block8 for the Client under an engagement.