RE: Penetration testing scope/outline

From: Tate Hansen (tate_at_ClearNetSec.com)
Date: 10/07/04

  • Next message: robert_at_dyadsecurity.com: "Re: Penetration testing scope/outline"
    To: <pen-test@securityfocus.com>
    Date: Wed, 6 Oct 2004 16:10:00 -0600
    
    

    I ran across these publications in an ISSEP seminar; the first link covers a
    lot of publications addressing all things security, the second contains
    specific details on security audits/penetration testing.

    Try:
    http://csrc.nist.gov/publications/nistpubs/

    Specifically:
    http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf
    -Tate

    -----Original Message-----
    From: Billy Dodson [mailto:CraftedPacket@securitynerds.org]
    Sent: Tuesday, October 05, 2004 8:45 AM
    To: pen-test@securityfocus.com
    Subject: Penetration testing scope/outline

    Anyone have any documents they are willing to share on the scope of work for
    a pen-test? I have looked online but was unable to find any available
    documentation. If anyone could provide me with a some links or
    documentation outlining a pen-test/network audit it would be greatly
    appreciated.

    ----------------------------------------------------------------------------

    --
    Internet Security Systems. - Keeping You Ahead of the Threat
    When business losses are measured in seconds, Internet threats must be
    stopped before they impact your network. To learn how Internet Security
    Systems keeps organizations ahead of the threat with preemptive intrusion
    prevention, download the new whitepaper, Defining the Rules of Preemptive
    Protection, and end your reliance on reactive security technology. 
    http://www.securityfocus.com/sponsor/ISS_pen-test_041001
    ----------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------------
    Internet Security Systems. - Keeping You Ahead of the Threat
    When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology. 
    http://www.securityfocus.com/sponsor/ISS_pen-test_041001
    -------------------------------------------------------------------------------
    

  • Next message: robert_at_dyadsecurity.com: "Re: Penetration testing scope/outline"

    Relevant Pages

    • Re: Verify Your Security Provider -- The truth behind manual testing.
      ... manual testing, not just automated scans. ... greater than the cost of the best possible security services. ... should be) asking for and b) to evaluate the proposals from vendors. ... If you want to be protected from the threat, you need to be tested at ...
      (Pen-Test)
    • The decades biggest scam
      ... on patently absurd domestic "homeland security" projects: ... and expenditures in fighting terrorism. ... McClatchy characterized this threat in similar terms: ... because of them -- the sprawling domestic Security State continues ...
      (soc.culture.vietnamese)
    • MI5 Boss hints kiss goodbye to civil rights...
      ... "THE INTERNATIONAL TERRORIST THREAT AND THE DILEMMAS IN COUNTERING IT" ... I am delighted to be here to celebrate the 60th Birthday of the AIVD. ... The friendship between the AIVD and my Service, the British Security ... fascism then, by the time I met him, on countering terrorism. ...
      (soc.culture.scottish)
    • Re: [Partially, Almost On Topic] Update On Worldwide Terror Alerts
      ... Soon, though, security levels may be raised yet again to ... The Scots have raised their threat level from "Pissed Off" to "Let's ... Italy has increased the alert level from "Shout Loudly and Excitedly" ... along so far with no knowledge of what color terror alert you are living under? ...
      (rec.boats)
    • Re: NDC-Al Gore invented being a hypocrite
      ... misuse terror threats to manipulate the public for political purposes. ... It said nothing about this particular instance, and it no way implies ... or suggests that this specific threat or the threat of terrorism in ... time of war or national unrest due to security issues. ...
      (rec.music.gdead)