RE: Standards for penetration testing

From: Rosado, Rafael (Rafael) (rarosado_at_lucent.com)
Date: 03/04/04

  • Next message: joey_at_r00t66.com: "RE: Exhange 2003" 
    To: thomas.kerbl@fh-hagenberg.at, pen-test@securityfocus.com
Date: Thu, 4 Mar 2004 13:52:55 -0700

    Thomas,

    You could also consider:

    * SECURITY PENETRATION TESTING GUIDELINE: A Chapter of the Handbook for the
    Computer Security Certification of Trusted Systems (US Navy)

    Rafael Rosado, CISSP, CISA
    IT Security Manager
    Lucent Technologies
    IT Infrastructure - Network Design
    2400 SW 145th Avenue
    Miramar, Florida 33027
    Office: 954-885-2176
    Facsimile: 954-885-3861
    Email: rarosado@lucent.com

    This electronic mail message contains information belonging to Lucent
    Technologies, which may be confidential and/or legal privileged. The
    information is intended only for the use of the individual or entity named
    above. If you are not the intended recipient, you are hereby notified that
    any disclosure, printing, copying, distribution, or the taking of any action
    in reliance on the contents of this electronically mailed information is
    strictly prohibited. If you receive this message in error, please
    immediately notify us by electronic mail and delete this message.

    -----Original Message-----
    From: Thomas Kerbl [mailto:thomas.kerbl@fh-hagenberg.at]
    Sent: Thursday, March 04, 2004 1:09 PM
    To: pen-test@securityfocus.com
    Subject: Standards for penetration testing

    Hello list,

    I'm currently doing some research for my thesis on penetration testing
    methods. Therefor I'm looking for widely used standards in this area.

    Here a collection of what I've already found:

    * OSSTMM - Open Source Security Testing Methodology Manual
    * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
    * NIST Guideline on Network Security Testing (special publ. 800-42)

    I tried (additional to google search) to find further standards in RFC
    repositories, the IEEE publication database, CERT, the ITIL website and of
    course the securityfocus archive. I couldn't find much usefull information
    on the penetration-test topic. Of course there are many great security
    ressources, but not exactly the information I was looking for.

    Can anyone point me to other standards for penetration testing? If there are
    any other "must-read" papers (like ISO17799 for example) out there, they are
    also welcome. I can make use of english and german documents.

    tia,
    Thomas Kerbl 

    --
~ FH-Hagenberg: Computer & Media Security ~ http://cms.fh-hagenberg.at ~ my
GPG key ID: 0x924042D1
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
  • Next message: joey_at_r00t66.com: "RE: Exhange 2003"

    Relevant Pages

    • RE: The Ultimate Toolkit...
      ... Ethical Hacking at the InfoSec Institute. ... All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ... Master the skills of an Ethical Hacker to better assess the security of your organization. ...
      (Pen-Test)
    • RE: restore Administrator password
      ... file security that you had configured on the server for other users. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: process identification
      ... Security Consultant ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: SHA-1 Hash
      ... IT Technical Security Officer ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Security Appliances
      ... Subject: Security Appliances ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)