Re: Penetration testing scope/outline

• Previous message: Chuck Fullerton: "RE: Penetration testing scope/outline"
• In reply to: Billy Dodson: "Penetration testing scope/outline"
• Next in thread: josh_at_dyadsecurity.com: "Re: Penetration testing scope/outline"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 5 Oct 2004 11:56:48 -0500 (CDT)
To: pen-test@securityfocus.com

You can use the OSSTMM as a baseline and then customize and reduce
according to the scope of your project.

http://isecom.securenetltd.com/osstmm.en.2.1.pdf

Make sure that the scope encompassing the project is agreed by both you
and the client through an SLA.

If you need an example of a post report, let me know and I'll be happy to
send you one that we use at Praetorian.

Good Luck,
Nathan Sportsman
Praetorian Security Solutions

> Anyone have any documents they are willing to share on the scope of work
> for a pen-test? I have looked online but was unable to find any available
> documentation. If anyone could provide me with a some links or
> documentation outlining a pen-test/network audit it would be greatly
> appreciated.
>
> ------------------------------------------------------------------------------
> Internet Security Systems. - Keeping You Ahead of the Threat
>
> When business losses are measured in seconds, Internet threats must be
> stopped before they impact your network. To learn how Internet Security
> Systems keeps organizations ahead of the threat with preemptive intrusion
> prevention, download the new whitepaper, Defining the Rules of Preemptive
> Protection, and end your reliance on reactive security technology.
>
> http://www.securityfocus.com/sponsor/ISS_pen-test_041001
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------

• Previous message: Chuck Fullerton: "RE: Penetration testing scope/outline"
• In reply to: Billy Dodson: "Penetration testing scope/outline"
• Next in thread: josh_at_dyadsecurity.com: "Re: Penetration testing scope/outline"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: aspx applictions SQL Injection ... The true fix has to come from strong input validation and/or escaping ... > Internet Security Systems. ... - Keeping You Ahead of the Threat ... To learn how Internet Security ... (Pen-Test) RE: An idiot question ... Internet Security Systems. ... To learn how Internet Security ... Systems keeps organizations ahead of the threat with preemptive ... Preemptive Protection, and end your reliance on reactive security ... (Pen-Test) Re: Nessus question ... Do the boxes that you're scanning have IP filtering setup on them, ... > Internet Security Systems. ... - Keeping You Ahead of the Threat ... To learn how Internet Security ... (Pen-Test) Re: Zaurus audit tools ... IT Technical Security Officer ... Internet Security Systems. ... To learn how Internet Security ... Systems keeps organizations ahead of the threat with preemptive ... (Pen-Test) RE: An idiot question ... It is a bootable Linux distrubution ISO that includes most known ... To learn how Internet Security ... Systems keeps organizations ahead of the threat with preemptive ... Preemptive Protection, and end your reliance on reactive security ... (Pen-Test)