Terms of Service
These Terms of Service (“Agreement”) constitute a legal contract between you (“you” or “Customer”) and Bright Security, Inc., a Delaware corporation with its principal place of business at 60 Crestview Drive, San Rafael, CA 94903, USA (“Company”) (each, as a “Party” and collectively, as the “Parties”). By (a) clicking “I agree”, “Accept” or other similar button, (b) installing, accessing and/or using the Platform or its related services provided thereunder, you accept and agree to be bound by the terms of this agreement as of the date of its acceptance by you (the “Effective Date”). By agreeing to be bound by the terms of this agreement, you also represent that you: (i) have the authority to act on behalf of and bind your company or other legal entity to these terms; (ii) are binding your company or other legal entity to these terms, in which case the terms “customer” and “you” in this paragraph refer to such entity; and (iii) waive any rights or requirements under any laws or regulations in any jurisdiction which require an original (non-electronic) signature or delivery or retention of non-electronic records, to the extent permitted under applicable law. If you do not wish to be bound by the terms of this agreement or do not have the authority to enter into this agreement on behalf of your company or other legal entity, do not accept this agreement and do not access and/or use the platform or its related services.
1.2 The Platform may be accessed solely by Customer’s employees or contractors who are explicitly authorized by Customer to access and use the Platform, in accordance with this Agreement, during the Subscription Term (each, a “User”). Customer shall immediately report any unauthorized access or use of the Platform to Company. In order to access the Platform, Customer and/or its Users may be required to set up an administrative account with Company (“Account”). Customer will ensure that the Users comply with this Agreement at all times; and shall be fully responsible and liable for any breach of this Agreement by a User. Customer shall be further responsible and liable for all activities of its Users and all activities that occur under or in its Account. Customer will require that all Users keep their user ID and password information strictly confidential. Unauthorized access or use of the Platform must be immediately reported to the Company.
1.3 If Company explicitly provides Customer the right to allow its Affiliates to use the Platform, Customer shall ensure that each such Affiliate complies with the terms and conditions therein and Customer shall be responsible for any breach of this Agreement by any such Affiliate. “Affiliate” means any entity that Controls, is Controlled by, or is under common Control with the Customer, where “Control” means ownership, directly or indirectly, of 50% or more of the voting interest with the power to direct or cause the direction of the management and policies of such entity. The defined term “Customer” includes any authorized Customer Affiliates and the defined term “User” includes employees or contractors of an authorized Customer Affiliate who are explicitly authorized by such Affiliate to access and use the Platform.
1.4 During the Subscription Term, Company shall provide support and maintenance services in accordance with the standard service levels provided to its general customers or as otherwise provided in the Order.
1.5 The Platform, any services detailed in the Order, and the support and maintenance services shall be referred to as the “Services”.
For Customers purchasing from Company, Customer shall (a) pay interest on all late payments at the lesser of the rate of 1.5% per month or the highest rate permissible under applicable law, calculated daily and compounded monthly, and (b) reimburse Company for all costs incurred in collecting any late payments, including, without limitation, attorneys’ fees. If any undisputed charge owed by Customer to Company remains unpaid thirty (30) days after its due date, Company may, without limiting its rights and remedies, suspend Customer’s use of the Services until such amounts are paid in full.
8.2 If Company receives any feedback (which may consist of questions, comments, suggestions or the like) regarding the Platform (collectively, “Feedback”), all rights, including intellectual property rights in such Feedback shall belong exclusively to Company. Customer hereby irrevocably and unconditionally transfers and assigns to Company all intellectual property rights it has in such Feedback and waives any and all moral rights that Customer may have in respect thereto. It is further understood that use of Feedback, if any, may be made by Company at its sole discretion, and that Company in no way shall be obliged to make use of the Feedback.
8.3 Any anonymous information, which is derived from the use of the Platform (i.e., metadata, aggregated and/or analytics information and/or intelligence relating to the operation, support, and/or Customer’s use, of the Platform) which is not personally identifiable information (“Analytics Information”) may be used by Company for providing the Platform and its related services, for development, improving the Platform and/or for statistical purposes. Such Analytics Information is Company’s exclusive property.
8.4 As between the Parties, Customer is, and shall be, the sole and exclusive owner of all data and information provided, entered, inputted or uploaded to the Platform by or on behalf of Customer or otherwise integrated with the Platform via an API, or data belonging to Customer’s applications within the environment in which the Platform is made available (“Customer Data”). Customer represents and warrants that: (i) Customer owns or has obtained the consents and rights related to the Customer Data, and Customer has the right to provide Company the license granted herein to use such Customer Data in accordance with this Agreement; and (ii) the Customer Data does not infringe or violate any patents, copyrights, trademarks or other intellectual property, proprietary or privacy or publicity rights of any third party. Customer hereby grants Company and its affiliates a worldwide, non-exclusive, right and license, to access and use the Customer Data, in order to perform its obligations hereunder, including without limitation for Company’s provision of the Platform and/or related services hereunder. Company is not responsible for the accuracy, quality, integrity and legality of Customer Data and of the means by which Company acquired any Customer Data.
OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND THE REPORTS (AS DEFINED BELOW) ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY DOES NOT WARRANT THAT THE PLATFORM, ITS RELATED SERVICES AND THE REPORTS: (i) WILL MEET CUSTOMER’S REQUIREMENTS, (ii) WILL OPERATE ERROR-FREE, OR (iii) WILL BE ABLE TO FIND ALL WEAKNESSES, VULNERABILITIES OR OTHER SECURITY RELATED ISSUES IN CUSTOMER’S ENVIRONMENT AND APPLICATIONS. EXCEPT FOR THE WARRANTIES SET FORTH IN THIS AGREEMENT, THE COMPANY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, SATISFACTORY QUALITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE. COMPANY WILL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR FOR ISSUES RELATED TO PUBLIC NETWORKS OR CUSTOMER’S HOSTING SERVICES.
11.2 COMPANY DOES NOT OFFER A WARRANTY OR MAKE ANY REPRESENTATION REGARDING ANY CONTENT, REPORTS, INFORMATION, RESULTS OR SOLUTIONS THAT CUSTOMER OBTAINS THROUGH USE OF THE PLATFORM AND ITS RELATED SERVICES (COLLECTIVELY, THE “REPORTS”), OR THAT THE REPORTS ARE COMPLETE OR ERROR-FREE. THE REPORTS DO NOT CONSTITUTE PROFESSIONAL ADVICE, AND CUSTOMER UNDERSTANDS IT MUST DETERMINE FOR ITSELF THE NEED TO OBTAIN ITS OWN INDEPENDENT PROFESSIONAL ADVICE REGARDING THE SUBJECT MATTER OF ANY REPORT AND/OR ANY SOFTWARE THAT CUSTOMER USES OR IS CONSIDERING TO USE. CUSTOMER’S USE OF AND RELIANCE UPON THE REPORTS IS ENTIRELY AT CUSTOMER’S SOLE DISCRETION AND RISK, AND COMPANY SHALL HAVE NO RESPONSIBILITY OR LIABILITY WHATSOEVER TO CUSTOMER IN CONNECTION WITH ANY OF THE FOREGOING.
11.3 CUSTOMER UNDERSTANDS, ACKNOWLEDGES AND AGREES THAT THE SERVICES ATTEMPT TO AND CAN ATTACK, HACK, CRACK AND/OR OTHERWISE DAMAGE THE CUSTOMER DATA. THEREFORE, CUSTOMER UNDERSTANDS AND ACKNOWLEDGES THAT ANY USE OF THE PLATFORM OR ANY PORTION THEREOF MAY CAUSE IRREVOCABLE AND IRREPARABLE DAMAGE TO ALL OR PART OF THE CUSTOMER DATA STORED, AND THE SAME WILL BE AT THE CUSTOMER’S SOLE RISK AND LIABILITY.
13.2 If the Platform becomes, or in Company’s opinion is likely to become, the subject of an IP Infringement Claim, then Company may, at its sole discretion: (a) procure for Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Company’s reasonable efforts, then Company may terminate this Agreement and Company shall also provide a refund for any amount pre-paid by Customer for such returned Platform for the remaining unused period of the license.
13.3 Notwithstanding the foregoing, Company shall have no responsibility for IP Infringement Claims resulting from or based on: (i) modifications to the Platform made by a party other than Company or its designee; (ii) Customer’s failure to implement software updates provided by Company specifically to avoid infringement; or (iii) combination or use of the Platform with equipment, devices or software not supplied by Company.
13.4 This Section 12 states Company’s entire liability, and Customer’s exclusive remedy, for any IP Infringement Claim.
13.5 Customer shall defend, indemnify and hold harmless Company (and any of its parents, subsidiaries, affiliates, directors, officers, employees, agents, suppliers and licensors) from and against all claims, liability, and expenses, including reasonable attorneys’ fees and legal fees and costs, arising out of: (a) Customer Data or Customer’s use of Customer Data with the Platform; (b) Customer’s use of the Services in breach of any provision of this Agreement. Company reserves the right, in its sole discretion and at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by Customer and Customer agrees to cooperate as fully as reasonably required in the defense of any claim.
14.1 If Company reasonably believes that Customer is using the Platform in a manner that may cause harm to Company or any third party then Company may, without derogating from Company’s right to terminate this Agreement for any breach hereof, suspend Customer’s access to and use of the Platform until such time as Company believes the threat of harm, or actual harm, has passed.
14.2 This Agreement shall enter into force and effect on the Effective Date and shall remain in full force and effect for the term specified in the Order, or until all Orders hereunder have expired or been terminated (the “Term”).
14.3 Either party may terminate this Agreement and any applicable Order prior to the end of a Subscription Term if the other party: (a) materially breaches its obligations hereunder and does not cure such breach within thirty (30) days following receipt of notice of such breach; or (b) becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation, or assignment for the benefit of creditors.
14.4 Upon termination or expiration of this Agreement: (i) Platform license granted to Customer under this Agreement shall expire, and Customer shall discontinue any further use and access thereof; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Company may delete all Customer Data uploaded on the Platform without affecting any of Company’s rights to the Analytics Information.
14.5 The provisions of this Agreement that, by their nature and content, must survive the termination of this Agreement in order to achieve the fundamental purposes of this Agreement (including, confidentiality and limitation of liability) shall so survive.
LAST UPDATED: August 3, 2023