Reporting aspect of pen-testing
From: TJ O'Grady (tjogrady_at_flyingwithouta.net)
Date: 11/30/03
- Previous message: Robert E. Lee: "RE: Heavyweight Network Mapping Tools"
- In reply to: Andy Cuff [Talisker]: "Scanning Tools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 Nov 2003 08:08:12 -0500 To: <pen-test@securityfocus.com>
Hi folks,
I am putting together a pen testing proposal as part of my final
Master's project. If it's good enough, it will lead to a full pen test
of a real network. This list has been very helpful with the technology
background, but the part I am stuck on right now is the reporting
piece. When a pen-test is complete, what do you include in the report?
How do you structure the information for business contacts, I imagine
raw data is often not helpful in many cases. Any hints or tips would
be greatly appreciated.
Thank you,
TJ
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Robert E. Lee: "RE: Heavyweight Network Mapping Tools"
- In reply to: Andy Cuff [Talisker]: "Scanning Tools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
