Re: Pen-Test startup help
From: Jonathan Rickman (jonathan_at_xcorps.net)
Date: 08/24/03
- Previous message: Etaoin Shrdlu: "Re: Pen-Test startup help"
- In reply to: Gerald Cody Bunch: "Pen-Test startup help"
- Next in thread: hellNbak: "Re: Pen-Test startup help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <gbunch@gmx.net>, <pen-test@securityfocus.com> Date: Sun, 24 Aug 2003 15:14:10 -0400
On Saturday 23 August 2003 15:57, Gerald Cody Bunch wrote:
> This may or may not be 100% on topic, but I believe that it would fit in
> good. From what I have read pen-tests are supposedly well documented
> from the start (or should be) and some form of report generated at the
> end. My question is, what templates/procedures do the members of this
> list use? Are there any standards for documentation, and/or publicly
> available templates/procedures?
I follow the OSSTM Manual. Not quite to the letter, but pretty close. As for
pre and post test documentation, I have my own document templates for
several different lines of business.
http://www.isecom.org/projects/osstmm.htm
-- Jonathan Rickman X Corps Security http://www.xcorps.net --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ----------------------------------------------------------------------------
- Previous message: Etaoin Shrdlu: "Re: Pen-Test startup help"
- In reply to: Gerald Cody Bunch: "Pen-Test startup help"
- Next in thread: hellNbak: "Re: Pen-Test startup help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
