RE: hacking challenges

From: Yonatan Bokovza (Yonatan_at_xpert.com)
Date: 07/05/04

  • Next message: Chris Eagle: "RE: hacking challenges"
    Date: Mon, 5 Jul 2004 12:17:14 +0300
    To: <pen-test@securityfocus.com>
    
    

    > -----Original Message-----
    > From: gilles.lami@hays-dsia.fr [mailto:gilles.lami@hays-dsia.fr]
    > Sent: Friday, July 02, 2004 11:19
    > To: pen-test@securityfocus.com
    > Subject: hacking challenges
    >
    >
    > Hello,
    >
    > What do you think about the numerous hacking challenges
    > present on the web?
    > Do you think a good pen-tester should (or must?) do these
    > games and pass all levels of each one?
    > If so, well ... Why? (Even if the answer to this question could be
    > obvious).

    Some of these challenges are pretty good at representing
    real-world scenarios, and some are pretty bad. There is a lot
    more to penetration testing than these challenges, but a good
    penetration tester should be able to deal with most of them.

    > Another thing very different, and I am sorry for this
    > question I guess most of you must have already read several times:
    > I have to build an action plan to specify how to react after
    > a successful hacking has been detected or suspected (on a Windows or Unix
    > machine for the moment)
    > What good readings could you advise?

    That is a topic called "Incident Handling". There is a different securityfocus
    mailing list for that, and I'd recommend reading CERT's CSIRT
    (Computer Security Incident Response Team) FAQ
    http://www.cert.org/csirts/csirt_faq.html

    and CSIRTs handbook:
    http://www.cert.org/archive/pdf/csirt-handbook.pdf

    Best Regards,

    Yonatan Bokovza
    IT Security Consultant
    Xpert Systems

