Formatting cleanup

xml/source/snippets/offerte/en/aboutus.xml

@@ -1,42 +1,69 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-        <title>About <company_long/></title>
+  <title>About
-	<p><company_long/> is the world's first not-for-profit computer security consultancy. 
+    <company_long/>
-	We operate under an innovative new business model whereby we use a Dutch fiscal 
+  </title>
-	entity, called a “Fiscaal Fondswervende Instelling” (Fiscal Fund raising Institution), 
+  <p>
-	as a commercial front-end to send 90% of our profits, tax-free, to a not-for-profit 
+    <company_long/>
-	foundation, Stichting NL net. The NLnet Foundation has supported open-source, 
+    is the world's first not-for-profit computer security consultancy. We
-	digital rights, and Internet research for almost 20 years.</p>
+    operate under an innovative new business model whereby we use a Dutch fiscal
+    entity, called a “Fiscaal Fondswervende Instelling” (Fiscal Fund raising
+    Institution), as a commercial front-end to send 90% of our profits,
+    tax-free, to a not-for-profit foundation, Stichting NL net. The NLnet
+    Foundation has supported open-source, digital rights, and Internet research
+    for almost 20 years.
+  </p>
 
-	<p>In contrast to other organizations, our profits do not benefit shareholders, 
+  <p>In contrast to other organizations, our profits do not benefit
-	investors, or founders. Our profits benefit society. As an  
+    shareholders, investors, or founders. Our profits benefit society. As an
-	organization without a profit-motive, we recruit top-name, ethical security 
+    organization without a profit-motive, we recruit top-name, ethical security
-	experts and find like-minded customers that want to use their IT security 
+    experts and find like-minded customers that want to use their IT security
-	budget as a "vote" to support socially responsible entrepreneurship. The rapid 
+    budget as a "vote" to support socially responsible entrepreneurship. The
-	pace of our current growth reflects the positive response the market has to our 
+    rapid pace of our current growth reflects the positive response the market
-	idealistic philosophy and innovative business model.</p>
+    has to our idealistic philosophy and innovative business model.
+  </p>
 
- <p><company_long/> has a number of values that we describe as our 
+  <p>
- “Core Principles.” These are:</p>
+    <company_long/>
-    <ul>
+    has a number of values that we describe as our “Core Principles.” These are:
-      <li><b>No sketchy stuff</b><br/> 
+  </p>
-      We don't build surveillance systems, hack activists, sell exploits to 
+  <ul>
-      intelligence agencies, or anything of the sort. If a job is even remotely 
+    <li>
-      morally questionable, we simply won't do it.</li>
+      <b>No sketchy stuff</b>
-      <li><b>Open-Source</b><br/>
+      <br/>
-      Releasing ALL tools and frameworks we build as open source on GitHub (a link to our GitHub page can be found on our website).</li>
+      We don't build surveillance systems, hack activists, sell exploits to
-      <li><b>Teach to fish</b><br/>
+      intelligence agencies, or anything of the sort. If a job is even remotely
-      During engagements, we will not only share our results with your company, 
+      morally questionable, we simply won't do it.
-      but also provide a step-by-step description of how to perform the same 
+    </li>
-      audit or procedure without us. We want to demystify what we're doing. 
+    <li>
-      It's not rocket science, and we genuinely want to help your company 
+      <b>Open-Source</b>
-      improve its security posture, even if it costs us repeat business.</li>
+      <br/>
-      <li><b>IoCs for free</b><br/>Releasing ALL collected threat intelligence 
+      Releasing ALL tools and frameworks we build as open source on GitHub (a
-      (Indicators of Compromise) into an open-source database that everyone can freely use. 
+      link to our GitHub page can be found on our website).
-      (Sanitized in agreement with customers.)</li>
+    </li>
-      <li><b>Zero days</b><br/>
+    <li>
-      We don't sell zero-days - we responsibly disclose them!</li>
+      <b>Teach to fish</b>
-          </ul> 
+      <br/>
-<p>For more information about <company_long/>, we refer you to our website: 
+      During engagements, we will not only share our results with your company,
-<a href="http://www.radicallyopensecurity.com">www.radicallyopensecurity.com</a>.</p>
+      but also provide a step-by-step description of how to perform the same
+      audit or procedure without us. We want to demystify what we're doing. It's
+      not rocket science, and we genuinely want to help your company improve its
+      security posture, even if it costs us repeat business.
+    </li>
+    <li>
+      <b>IoCs for free</b>
+      <br/>Releasing ALL collected threat intelligence (Indicators of
+      Compromise) into an open-source database that everyone can freely use.
+      (Sanitized in agreement with customers.)
+    </li>
+    <li>
+      <b>Zero days</b>
+      <br/>
+      We don't sell zero-days - we responsibly disclose them!
+    </li>
+  </ul>
+  <p>For more information about<company_long/>, we refer you to our website:
+    <a href="http://www.radicallyopensecurity.com">
+      www.radicallyopensecurity.com</a>.
+  </p>
 </section>

xml/source/snippets/offerte/en/additional-code-audit_methodology.xml

@@ -2,48 +2,53 @@
 <section>
   <title>Code Audit</title>
   <p>
-    <company_short/> will perform a code audit to aid pentesting. During a 
+    <company_short/>
-    code audit, we manually examine the code of an application to ensure there 
+    will perform a code audit to aid pentesting. During a code audit, we
-    are no security vulnerabilities and use our understanding of the code to 
+    manually examine the code of an application to ensure there are no security
-    guide our pentesting. If vulnerabilities are found, we document those and 
+    vulnerabilities and use our understanding of the code to guide our
-    suggest ways to fix them. This is done by highly-trained penetration testers 
+    pentesting. If vulnerabilities are found, we document those and suggest ways
-    who can both review the raw code as well as interpret the findings of the 
+    to fix them. This is done by highly-trained penetration testers who can both
-    automated scans, putting them into context.
+    review the raw code as well as interpret the findings of the automated
+    scans, putting them into context.
   </p>
   <p>
-     During the code audit portion of penetration tests, we take the following 
+    During the code audit portion of penetration tests, we take the following
-     criteria into account:
+    criteria into account:
   </p>
   <ol>
-    <li>Risk Assessment and "Threat Modeling"<br/>
+    <li>Risk Assessment and "Threat Modeling"
-      In this step, we analyze the risks of a particular application or system. 
+      <br/>
-      Threat Modeling is a specific, structured approach to risk analysis that 
+      In this step, we analyze the risks of a particular application or system.
-      enables us to identify, qualify, and address the security risks, thus 
+      Threat Modeling is a specific, structured approach to risk analysis that
-      dovetailing with the Code Review process. For example, user data is 
+      enables us to identify, qualify, and address the security risks, thus
-      sacred. We focus on encrypted storage, discover if <client_short/> employees 
+      dovetailing with the Code Review process. For example, user data is
-      have a backdoor into data, and cut loose stolen devices by wiping them 
+      sacred. We focus on encrypted storage, discover if <client_short/>
-      remotely and revoking accounts.
+      employees have a backdoor into data, and cut loose stolen devices by
+      wiping them remotely and revoking accounts.
     </li>
-    <li>Purpose and Context<br/>
+    <li>Purpose and Context
-      Here we focus on risks, especially in the quick and easy sharing of 
+      <br/>
-      internal documents and itineraries. Account details aren't so secret 
+      Here we focus on risks, especially in the quick and easy sharing of
-      when we know who will be in meetings, but what's being discussed is secret.
+      internal documents and itineraries. Account details aren't so secret when
+      we know who will be in meetings, but what's being discussed is secret.
     </li>
-    <li>Complexity<br/>
+    <li>Complexity
-      The complexity of the system is in the frameworks that support the web 
+      <br/>
-      application. We'd ignore those and focus only on the custom code and 
+      The complexity of the system is in the frameworks that support the web
-      backend code. We would also 
+      application. We'd ignore those and focus only on the custom code and
-      focus on implementation mistakes and known flaws in the systems. For 
+      backend code. We would also focus on implementation mistakes and known
-      example, we'd ensure you're using the latest versions of software, 
+      flaws in the systems. For example, we'd ensure you're using the latest
-      but we wouldn't delve into the framework itself. Since we assume the 
+      versions of software, but we wouldn't delve into the framework itself.
-      code is written by a team, it should be clearly-written code. If you have 
+      Since we assume the code is written by a team, it should be
-      several full-release versions, there will undoubtedly be several revisions 
+      clearly-written code. If you have several full-release versions, there
-      and audits on that code.
+      will undoubtedly be several revisions and audits on that code.
     </li>
   </ol>
   <p>
-    For more information, please refer to this link: 
+    For more information, please refer to this link:
-    <a href="https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents">
+    <a
-    https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents</a>
+      href="https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents">
+      https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents
+    </a>
   </p>
 </section>

xml/source/snippets/offerte/en/black-box.xml

@@ -1,16 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section id="blackboxing">
-<title>The Black-Box Pentesting Method</title>
+  <title>The Black-Box Pentesting Method</title>
-<p>
+  <p>
-  <!--snippet -->Crystal-Box vs. Black-Box pentesting refers to the amount of information
+    Crystal-Box vs. Black-Box pentesting refers to the amount of information
-  about the target environment, architecture, and/or applications that the customer 
+    about the target environment, architecture, and/or applications that the
-  initially shares with the pentesters. With Black-Box testing, pentesters
+    customer initially shares with the pentesters. With Black-Box testing,
-  are given no information whatsoever about the target(s). With Crystal-Box testing,
+    pentesters are given no information whatsoever about the target(s). With
-  pentesters are given all information requested about the target(s), including 
+    Crystal-Box testing, pentesters are given all information requested about
-  source code (when relevant), access to developers or system management, etc..
+    the target(s), including source code (when relevant), access to developers
-<br />
+    or system management, etc.
-<br />
+  </p>
-  In this case <company_short/> will conduct a black-Box test.
+  <p>In this case <company_short/> will conduct a black-Box test.</p>
-</p>
 </section>
-<!-- end of template -->

xml/source/snippets/offerte/en/conditions.xml

@@ -1,21 +1,32 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-        <title>Terms and Conditions</title>
+  <title>Terms and Conditions</title>
-        <p><company_short/> will only perform the <company_svc_short/>
+  <p>
-        if it has obtained the permission from <generate_permission_parties/> 
+    <company_short/> will only perform the
-        as set out in the penetration testing waiver, attached as <b>Annex 2</b>, 
+    <company_svc_short/> if it has obtained the permission from
-        or provided in a separate document.</p>
+    <generate_permission_parties/> as set out in the penetration testing waiver,
-        
+    attached as <b>Annex 2</b>, or provided in a separate document.
-        <p><company_short/> performs this assignment on the basis of its general 
+  </p>
-        terms and conditions, which are attached to this offer as Annex 1. 
+
-        <company_short/> rejects any general terms and conditions used by 
+  <p>
-        <client_short/>.</p>
+    <company_short/>
-        <p>In order to agree to this offer, please sign this letter in duplicate 
+    performs this assignment on the basis of its general terms and conditions,
-        and return it to:</p>
+    which are attached to this offer as Annex 1.
-        <contact>
+    <company_short/> rejects any general terms and conditions used by
-    <name><company_legal_rep/></name>
+    <client_short/>.
-    <address><company_long/><br/>Overdiemerweg 28<br/>1111 PP Diemen</address>
+  </p>
+  <p>In order to agree to this offer, please sign this letter in duplicate and
+    return it to:
+  </p>
+  <contact>
+    <name>
+      <company_legal_rep/>
+    </name>
+    <address>
+      <company_long/>
+      <br/>Overdiemerweg 28<br/>1111 PP Diemen
+    </address>
     <email>melanie@radicallyopensecurity.com</email>
-</contact>
+  </contact>
-    <generate_offer_signature_box/>
+  <generate_offer_signature_box/>
-    </section>
+</section>

xml/source/snippets/offerte/en/crystal-box.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?><!--snippet -->
+<?xml version="1.0" encoding="UTF-8"?>
 <section id="crystalboxing">
   <title>The Crystal-Box Pentesting Method</title>
   <p>
@@ -20,4 +20,4 @@
     crystal-box pentesting fits naturally hand-in-hand with the "Peek Over Our
     Shoulder" option that <company_short/> offers to <client_short/>.
   </p>
-</section><!-- end of template -->
+</section>

xml/source/snippets/offerte/en/disclaimer.xml

@@ -7,7 +7,6 @@
     <company_short/>, instead, has an obligation to make reasonable efforts (in
     Dutch: “<i>inspanningsverplichting</i>”) to perform the agreed services.
   </p>
-
   <p>
     <company_short/> and <client_short/>
     agree to take reasonable measures to maintain the confidentiality of

xml/source/snippets/offerte/en/disclaimer_code-audit.xml

@@ -8,11 +8,8 @@
     <company_short/>, instead, has an obligation to make reasonable efforts (in
     Dutch: “<i>inspanningsverplichting</i>”) to perform the agreed services.
   </p>
-
   <p>
-    <company_short/>
+    <company_short/> and <client_short/>
-    and
-    <client_short/>
     agree to take reasonable measures to maintain the confidentiality of
     information and any personal data they gain access to in the course of
     performing the code audit. Both parties will use the information and data

xml/source/snippets/offerte/en/examplewaiver.xml

@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section id="waiver-example">
   <title>ANNEX 2 Example Pentest Waiver</title>
-
   <p>
     <b><i>(Full Client Name)</i> (“<i>(Client)</i>”)</b>, with its registered
     office at Somestreet, Somecity, Earth, Milkyway, and duly represented by

xml/source/snippets/offerte/en/grey-box.xml

@@ -2,13 +2,13 @@
 <section id="greyboxing">
   <title>The Grey-Box Pentesting Method</title>
   <p>
-    <!--snippet -->Crystal-Box vs. Black-Box pentesting refers to the amount of
+    Crystal-Box vs. Black-Box pentesting refers to the amount of information
-    information regarding the target environment, architecture, and/or
+    regarding the target environment, architecture, and/or applications that is
-    applications that is initially shared by the customer with the pentesters.
+    initially shared by the customer with the pentesters. With Black-Box
-    With Black-Box testing, pentesters are given no information whatsoever about
+    testing, pentesters are given no information whatsoever about the target(s).
-    the target(s). With Crystal-Box testing, pentesters are given all
+    With Crystal-Box testing, pentesters are given all information requested
-    information requested about the target(s), including source-code (when
+    about the target(s), including source-code (when relevant), access to
-    relevant), access to developers or system management, etc..
+    developers or system management, etc..
   </p>
   <p>
     <company_short/>

xml/source/snippets/offerte/en/introandscope.xml

@@ -1,12 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
   <title>Introduction</title>
-  <p><client_long/> (hereafter “<b><client_short/></b>”), with its registered office
+  <p>
-  at <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
+    <client_long/> (hereafter “<b><client_short/></b>”), with its registered office at
-  (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
+    <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
-  The motivation for this request is that <client_short/> wishes to get a better
+    (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
-  insight into ...</p>
+  </p>
+  <p>
+    The motivation for this request is that <client_short/> wishes to gain better
+    insight into ...
+  </p>
 
-  <p>This offer sets out the scope of the work and the terms and conditions under
+  <p>This offer sets out the scope of the work and the terms and conditions
-  which <company_short/> will perform these services.</p>
+    under which <company_short/> will perform these services.
+  </p>
 </section>

xml/source/snippets/offerte/en/introandscope_retest.xml

@@ -4,11 +4,12 @@
   <p>
     <client_long/> (hereafter “<b><client_short/></b>”), with its registered office at
     <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
-    (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.</p>
+    (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
-    <p>The motivation for this request is that <client_short/> has had a recent penetration
+  </p>
-      test done by <company_short/> and wishes to check that the vulnerabilities found
+  <p>The motivation for this request is that <client_short/> has had a recent penetration
-      have been mitigated.
+    test done by <company_short/> and wishes to check that the vulnerabilities found
-    </p>
+    have been mitigated.
+  </p>
 
   <p>This offer sets out the scope of the work and the terms and conditions
     under which <company_short/> will perform these services.

xml/source/snippets/offerte/en/methodology_code-audit.xml

@@ -10,8 +10,8 @@
     impact on the Confidentiality, Integrity and Availability (CIA) of the
     system. We will describe how an attacker would exploit the vulnerability and
     suggest ways of fixing it.
-    <br/>
+  </p>
-    This requires an extensive knowledge of the platform the application is
+  <p>This requires an extensive knowledge of the platform the application is
     running on, as well as the extensive knowledge of the language the
     application in written in and patterns that have been used. Therefore a code
     audit done by highly-trained specialists with a strong background in
@@ -21,7 +21,7 @@
     During the code audit, we take the following approach:
   </p>
   <ol>
-    <li>Thorough comprehension of functionality
+    <li><b>Thorough comprehension of functionality</b>
       <br/>
       We try to get a thorough comprehension of how the application works and
       how it interacts with the user and other systems. Having detailed
@@ -29,7 +29,7 @@
       documentation) at this stage is very helpful, as they aid the
       understanding of the application
     </li>
-    <li>Static analysis
+    <li><b>Static analysis</b>
       <br/>
       Using the understanding we gained in the previous step, we will use static
       code analysis to uncover any vulnerabilities. Static analysis means the
@@ -47,7 +47,7 @@
       assessing the quality of the security measures.
     </li>
 
-    <li>Dynamic analysis
+    <li><b>Dynamic analysis</b>
       <br/>
       Dynamic analysis can also be performed. In this case, the program is run
       and actively exploited by the specialist. This is usually done to confirm

xml/source/snippets/offerte/en/methodology_load-test.xml

@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-  <!-- for an example load testing offer, ask other writers!-->
   <title>Load testing</title>
   <p>The aim of load testing is to measure what realistic level of performance a
     service deployment is capable of delivering, or whether it meets a specific

xml/source/snippets/offerte/en/planningandpayment.xml

@@ -1,10 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
   <title>Planning and Payment</title>
-  <p><company_short/> will uphold the following dates for the planning of the services:</p>
+  <p>
+    <company_short/>
+    will uphold the following dates for the planning of the services:
+  </p>
   <ul>
-      <li><company_short/> performs a <company_svc_short/> on <p_testingduration/>.</li>
+    <li><company_short/> performs a <company_svc_short/> on <p_testingduration/>.</li>
-      <li><company_short/> delivers the final report <p_reportdue/>.</li>
+    <li><company_short/> delivers the final report <p_reportdue/>.</li>
   </ul>
   <p>
     Our fixed-fee price quote for the above described <company_svc_short/> is <p_fee/>.-

xml/source/snippets/offerte/en/prerequisites.xml

@@ -2,7 +2,7 @@
 <section>
   <title>Prerequisites</title>
   <p>In order to perform this audit, <company_short/> will need access to:</p>
-    <!--Example of most common scenario, change if necessary!! :-->
+    <!-- Example of most common scenario, change as necessary -->
   <ul>
     <li>Test accounts</li>
     <li>Test environment</li>

xml/source/snippets/offerte/en/prerequisites_training.xml

@@ -2,7 +2,7 @@
 <section>
   <title>Prerequisites</title>
   <p>In order to provide training, <company_short/> will need to:</p>
-    <!--Example of most common scenario, change if necessary!! :-->
+    <!-- Example of most common scenario, change if necessary -->
   <ul>
     <li>Develop training materials</li>
     <li>Book an appropriate venue</li>

xml/source/snippets/offerte/en/projectoverview.xml

@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-  <!-- section with an overview of ROS activities -->
   <title>Project Overview</title>
   <p>
     <company_short/> will perform <company_svc_long/> for <client_short/>

xml/source/snippets/offerte/en/projectoverview_retest.xml

@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-  <!-- section with an overview of ROS activities -->
   <title>Project Overview</title>
   <p>
     <company_short/> will perform <company_svc_long/> for <client_short/>

xml/source/snippets/offerte/en/projectoverview_training.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
   <title>Project Overview
-  </title><!-- section with an overview of ROS activities -->
+  </title>
   <p>
     <company_short/>
     will provide xxx training sessions, for xxx different groups,

xml/source/snippets/offerte/en/teamandreporting.xml

@@ -20,7 +20,6 @@
     <!-- remove this for non pentesting offers-->
     <p>The workflow of our penetration testing team is modeled on that of a
       Capture The Flag (CTF) team:
-      <!-- remove this for non pentesting offers-->
 
       <company_long/> has a geographically distributed team and we use online
       infrastructure (RocketChat, GitLabs, etc.) to coordinate our work. This

xml/source/snippets/offerte/en/waiver.xml

@@ -1,78 +1,85 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <waivers>
-    <standard_waiver>
+  <standard_waiver>
-        <title><company_svc_short/> - WAIVER</title>
+    <title>
+      <company_svc_short/>
+      - WAIVER
+    </title>
 
-        <p><b><i><signee_long/></i> (<i><signee_short/></i>)</b>, with its registered office at <signee_street/>,
+    <p>
-            <signee_city/>, <signee_country/> and duly represented by <b><signee_waiver_rep/></b></p>
+      <b><i><signee_long/></i> (<i><signee_short/></i>)</b>, with its registered office at
+      <signee_street/>, <signee_city/>, <signee_country/> and duly represented by
+      <b><signee_waiver_rep/></b>
+    </p>
 
-        <p>
+    <p>
-            <b>WHEREAS:</b>
+      <b>WHEREAS:</b>
-        </p>
+    </p>
 
-<p>A. <client_short/> wants some of its systems to be tested,
+    <p>A. <client_short/> wants some of its systems to be tested,
-                            <company_long/> (“<company_short/>”) has offered to perform
+      <company_long/> (“<company_short/>”) has offered to perform such testing for
-                        such testing for <client_short/> and
+      <client_short/> and <client_short/> has accepted this offer.
-                            <client_short/> has accepted this offer.
+      The assignment will be performed by <company_short/>' core-team members,
-                        The assignment will be performed by <company_short/>' core-team members, external
+      external freelancers, and/or volunteers (the “Consultants”).
-                        freelancers, and/or volunteers (the “Consultants”).</p>
+    </p>
-                    <p>B. Some of the activities performed by
+    <p>B. Some of the activities performed by <company_short/>
-                            <company_short/> and the
+      and the Consultants during the course of this assignment could be
-                        Consultants during the course of this assignment could be considered
+      considered illegal, unless <signee_short/>
-                        illegal, unless <signee_short/> has given permission for
+      has given permission for these activities.
-                        these activities. <company_short/>
+      <company_short/> and the Consultant will only perform such activities if they
-                        and the Consultant will only perform such activities if they have received
+      have received the required permission.
-                        the required permission.</p>
+    </p>
-                    <p>C. <signee_short/> is
+    <p>C. <signee_short/> is willing to give such permission to <company_short/>,
-                        willing to give such permission to <company_short/>, the Consultants and any
+      the Consultants and any other person <company_short/> might employ or engage for
-                        other person <company_short/> might
+      the assignment.
-                        employ or engage for the assignment.</p>
+    </p>
-                    <p>
+    <p>
-                        <b>DECLARES AS FOLLOWS:</b>
+      <b>DECLARES AS FOLLOWS:</b>
-                    </p>
+    </p>
-                    <p>1. <signee_short/> is
+    <p>1. <signee_short/> is aware that <company_short/> will perform
-                        aware that <company_short/> will
+      <company_svc_long/> of the following systems of <signee_short/>, as described
-                        perform <company_svc_long/> of the
+      below. The services are intended to gain insight in the security of these systems.
-                        following systems of <signee_short/>, as described
+      To do so, <company_short/> will access these systems, attempt to find
-                        below. The services are intended to gain insight in the security of these
+      vulnerabilities and gain further access and elevated privileges by exploiting
-                        systems. To do so, <company_short/>
+      any vulnerabilities found. <company_short/> will test the following targets
-                        will access these systems, attempt to find vulnerabilities and gain further
+      (the “<b>Targets</b>”):
-                        access and elevated privileges by exploiting any vulnerabilities found.
+    </p>
-                            <company_short/> will test the
+    <generate_targets/>
-                        following targets (the “<b>Targets</b>”):</p>
+    <p>2. <signee_short/> hereby grants <company_short/>
-                    <generate_targets/>
+      and the Consultants on a date to be confirmed by email the broadest
-                    <p>2. <signee_short/>
+      permission possible to perform the assignment, including the permission
-                        hereby grants <company_short/> and
+      to:
-                        the Consultants on a date to be confirmed by email the broadest permission
+    </p>
-                        possible to perform the assignment, including the permission to:</p>
+    <p>a. enter and use the Targets;</p>
-                    <p>a. enter and use the Targets;</p>
+    <p>b. circumvent, breach, remove and turn off any security measures
-                    <p>b. circumvent, breach, remove and turn off
+      protecting the Targets;
-                        any security measures protecting the Targets;</p>
+    </p>
-                    <p>c. copy, intercept, record, amend, delete,
+    <p>c. copy, intercept, record, amend, delete, render unusable or
-                        render unusable or inaccessible any data stored on, processed by or
+      inaccessible any data stored on, processed by or transferred via the
-                        transferred via the Targets; and</p>
+      Targets; and
-                    <p>d. hinder the access or use of the
+    </p>
-                        Targets,</p>
+    <p>d. hinder the access or use of the Targets,</p>
-                    <p>but <signee_short/>
+    <p>but <signee_short/> only grants the permission for these activities to the
-                        only grants the permission for these activities to the extent that (i) such
+      extent that (i) such activities are necessary to perform the assignment and
-                        activities are necessary to perform the assignment and (ii) such activities
+      (ii) such activities do not disrupt the normal business operations of
-                        do not disrupt the normal business operations of <signee_short/>.</p>
+      <signee_short/>.
-                    <p>3. The permission under Article 1 extends
+    </p>
-                        to all systems on which the Targets run, or which <company_short/> or the Consultant might
+    <p>3. The permission under Article 1 extends to all systems on which the
-                        encounter while performing the assignment, regardless of whether these
+      Targets run, or which <company_short/> or the Consultant might encounter
-                        systems are owned by third parties.</p>
+      while performing the assignment, regardless of whether these systems are
-                    <p>4. <signee_short/>
+      owned by third parties.
-                        warrants that it has the legal authority to give the permission set out
+    </p>
-                        under Articles 1 and 2. It also warrants it has obtained the necessary
+    <p>4. <signee_short/> warrants that it has the legal authority to give the
-                        permissions from any third parties referred to under Article 3.</p>
+      permission set out under Articles 1 and 2. It also warrants it has obtained
-                    <p>5. Should the public prosecutor initiate an
+      the necessary permissions from any third parties referred to under Article 3.
-                        investigation or criminal proceedings against <company_short/> or any of the consultants it
+    </p>
-                        engaged or employed as a result of the performance of the assignment for the
+    <p>5. Should the public prosecutor initiate an investigation or criminal
-                        customer, then <signee_short/> will co-operate fully
+      proceedings against <company_short/> or any of the consultants it engaged or
-                        with <company_short/> in defending
+      employed as a result of the performance of the assignment for the customer,
-                        against this investigation or proceedings, including by providing any
+      then <signee_short/> will co-operate fully with <company_short/>
-                        evidence it has which relates to this investigation or these
+      in defending against this investigation or proceedings, including by
-                        proceedings.</p>
+      providing any evidence it has which relates to this investigation or these
-
+      proceedings.
-    </standard_waiver>
+    </p>
+  </standard_waiver>
 </waivers>

xml/source/snippets/offerte/nl/crystal-box.xml

@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--snippet -->
+<div>
-<div><p>
+  <p>
-  Crystal-Box vs. Black-Box pentesting verwijst naar de hoeveelheid 
+    Crystal-Box vs. Black-Box pentesting verwijst naar de hoeveelheid informatie
-  informatie over de doelwit omgeving, architectuur, en/of applicaties die de klant 
+    over de doelwit omgeving, architectuur, en/of applicaties die de klant in
-  in eerste instantie deelt met de pentesters. Bij Black-Box testing ontvangen de 
+    eerste instantie deelt met de pentesters. Bij Black-Box testing ontvangen de
-  pentester helemaal geen informatie over het doelwit. Bij Crystal-Box tests 
+    pentester helemaal geen informatie over het doelwit. Bij Crystal-Box tests
-  ontvangen de pentesters alle informatie die opgevraagd wordt betreffende het doelwit, 
+    ontvangen de pentesters alle informatie die opgevraagd wordt betreffende het
-  inclusief source code (wanneer dit relevant is), toegang tot developers of systeembeheer, etc...
+    doelwit, inclusief source code (wanneer dit relevant is), toegang tot
-</p>
+    developers of systeembeheer, etc...
-<p>
+  </p>
-  <company_short/> zal een Crystal-box pentest uitvoeren - de methode die onze voorkeur heeft. 
+  <p>
-  In tegenstelling tot "echte" hackers, die alle tijd van de wereld hebben, 
+    <company_short/>
-  vinden pentests plaats in een beperkt tijdsbestek. Crystal-box pentesting biedt ons 
+    zal een Crystal-box pentest uitvoeren - de methode die onze voorkeur heeft.
-  de mogelijkheid om onze tijd zo efficiënt mogelijk te gebruiken, waardoor het maximale aantal kwetsbaarheden kan worden gevonden. 
+    In tegenstelling tot "echte" hackers, die alle tijd van de wereld hebben,
-  Daarnaast sluit de Crystal-box pentest het beste aan bij de "meekijk"-optie die <company_short/> <client_short/> biedt.
+    vinden pentests plaats in een beperkt tijdsbestek. Crystal-box pentesting
-</p></div>
+    biedt ons de mogelijkheid om onze tijd zo efficiënt mogelijk te gebruiken,
-<!-- end of template -->
+    waardoor het maximale aantal kwetsbaarheden kan worden gevonden. Daarnaast
+    sluit de Crystal-box pentest het beste aan bij de "meekijk"-optie die
+    <company_short/> <client_short/> biedt.
+  </p>
+</div>