Re: Standards for penetration testing

From: Brahman (TPG Account) (btlingham_at_tpg.com.au)
Date: 03/06/04

  • Next message: Irvin Temp: "setting up security research lab"
    To: "Rafael Ausejo Prieto" <rafael@ausejo.net>, <thomas.kerbl@fh-hagenberg.at>
    Date: Sat, 6 Mar 2004 18:40:30 +1100
    
    

    I would also reccomend reviewing AS/NZS 7799.2:2003 in addition to ISO/IEC
    17799:2000. These standards are available at http://www.sai-global.com

    Regards

    Brahman
    Acting Program Manager
    Information Security Management Systems
    btlingham@sai-global.com

    ----- Original Message -----
    From: "Rafael Ausejo Prieto" <rafael@ausejo.net>
    To: <thomas.kerbl@fh-hagenberg.at>
    Cc: <pen-test@securityfocus.com>
    Sent: Friday, March 05, 2004 9:08 AM
    Subject: RE: Standards for penetration testing

    > > * OSSTMM - Open Source Security Testing Methodology Manual
    > > * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
    > > * NIST Guideline on Network Security Testing (special publ. 800-42)
    > >> Can anyone point me to other standards for penetration testing?
    >
    > ISACA (Information Systems Audit and Control Association)
    > released this month an exposure draft:
    >
    > "IS AUDITING PROCEDURE PENETRATION TESTING AND VULNERABILITY ANALYSIS
    > DOCUMENT"
    > This material was issued on 1 February 2004. Exposure period closes 31
    March
    > 2004.
    >
    > I suppose it's not yet publicy available (just for ISACA members review);
    > but it could be in the near future...
    >
    >
    > Rafael Ausejo Prieto
    > rafael@ausejo.net
    > http://www.ausejo.net/
    >
    >
    > --------------------------------------------------------------------------
    -
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    > any course! All of our class sizes are guaranteed to be 10 students or
    less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab. Master the
    skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > --------------------------------------------------------------------------

    --
    >
    >
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    

  • Next message: Irvin Temp: "setting up security research lab"

    Relevant Pages

    • Re: The Ultimate Toolkit...
      ... > Ethical Hacking at the InfoSec Institute. ... Arhont Ltd - Information Security ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
      (Pen-Test)
    • RE: PacketShaper
      ... we're deploying these along with firewalls in our managed security ... >>Ethical Hacking at the InfoSec Institute. ... >>Attend a course taught by an expert instructor with years of ... >>pen testing experience in our state of the art hacking lab. ...
      (Pen-Test)
    • Re: Password trading problem
      ... > I'm in charge of doing a security review of it. ... > e-mail and any attachments is strictly prohibited. ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: securing password list
      ... What security methods do you use to secure a list such as this? ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Online Universities with Information Security Programs
      ... Online Universitties with Information Security Programs ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)