RE: Penetration testing scope/outline

From: Chuck Fullerton (chuckf69_at_ceinetworks.com)
Date: 10/05/04

  • Next message: Nathan Sportsman: "Re: Penetration testing scope/outline" 
    To: <CraftedPacket@securitynerds.org>, <pen-test@securityfocus.com>
Date: Tue, 5 Oct 2004 12:53:29 -0400

    Billy,

    What your asking depends alot on what you want to test. I recommend you
    check out the OSSTMM at www.isecom.org. The Open Source Security Testing
    Methodology Manual is an excellent resource for Security Testing.

    If you have any questions feel free to contact me directly and I'd be
    willing to discuss it further with you.

    Thanks!!

    Chuck Fullerton
    CEH,OPST,CISSP,CSS1,CCNP,CCDA,CNA,A+

    -----Original Message-----
    From: Billy Dodson [mailto:CraftedPacket@securitynerds.org]
    Sent: Tuesday, October 05, 2004 10:45 AM
    To: pen-test@securityfocus.com
    Subject: Penetration testing scope/outline

    Anyone have any documents they are willing to share on the scope of work
    for a pen-test? I have looked online but was unable to find any available
    documentation. If anyone could provide me with a some links or
    documentation outlining a pen-test/network audit it would be greatly
    appreciated.

    ---------------------------------------------------------------------------- 

    --
Internet Security Systems. - Keeping You Ahead of the Threat
When business losses are measured in seconds, Internet threats must be
stopped before they impact your network. To learn how Internet Security
Systems keeps organizations ahead of the threat with preemptive intrusion
prevention, download the new whitepaper, Defining the Rules of Preemptive
Protection, and end your reliance on reactive security technology.
http://www.securityfocus.com/sponsor/ISS_pen-test_041001
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat
When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology. 
http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------
  • Next message: Nathan Sportsman: "Re: Penetration testing scope/outline"

    Relevant Pages

    • RE: application security testing training
      ... techniques and apply it to their job they need to have an environment they can ask questions and be ... Someone else mentioned specialized training from CORE Security. ... >>I am looking for application security testing training, ... >>leaks, reverse engineering, writing buffer overflow exploits etc.. ...
      (Pen-Test)
    • RE: application security testing training
      ... techniques and apply it to their job they need to have an environment they can ask questions and be ... Someone else mentioned specialized training from CORE Security. ... >>I am looking for application security testing training, ... >>leaks, reverse engineering, writing buffer overflow exploits etc.. ...
      (Pen-Test)
    • Re: Zaurus audit tools
      ... IT Technical Security Officer ... Internet Security Systems. ... To learn how Internet Security ... Systems keeps organizations ahead of the threat with preemptive ...
      (Pen-Test)
    • RE: Penetration testing scope/outline
      ... The OSSTMM stands for the "Open Source Security TESTING Methodology Manual". ... Internet Security Systems. ...
      (Pen-Test)
    • Security Testing Workshop in Barcelona
      ... Security Testing Workshop in Barcelona ... the Barcelona workshop for the OSSTMM (Open Source Security Testing ... Methodology Manual) has been pushed back a week to Nov. 29th. ...
      (Bugtraq)