New article on SecurityFocus: Open source security testing methodology interview with Pete Herzog

---

• From: "Erin Carroll" <amoeba@xxxxxxxxxxxxxx>
• Date: Wed, 29 Mar 2006 20:22:43 -0800

---

The following interview was published on SecurityFocus today:

Open source security testing methodology interview by Federico Biancuzzi
2006-03-29

Truth is made of numbers. Following this golden rule, Federico Biancuzzi
interviewed Pete Herzog, founder of ISECOM and creator of the OSSTMM, to
talk about the upcoming revision 3.0 of the Open Source Security Testing
Methodology Manual. He discusses why we need a testing methodology, why use
open source, the value of certifications, and plans for a new vulnerability
scanner developed with a different approach than Nessus.

http://www.securityfocus.com/columnists/395


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.3.3/296 - Release Date: 3/29/2006



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx
------------------------------------------------------------------------------

---

• Prev by Date: Re: SV: Security test of firewall dose not show UDP port 500 is open
• Next by Date: Re: distributed computing project for pen-testing?
• Previous by thread: distributed computing project for pen-testing?
• Next by thread: OSSTMM Security Analyst Training Live Stream on the Web
• Index(es):
  • Date
  • Thread

---

Relevant Pages SF new interview announcement: Open source security testing methodology ... talk about the upcoming revision 3.0 of the Open Source Security Testing ... He discusses why we need a testing methodology, ... (Security-Basics) Re: MS Not Trust ist PSS/Gold Partners with Early Security/Vuln. ... As far as early release of specific information about a vulnerability, ... awaiting the patch. ... > attempt to maintain the veiled image of "real security", ... > both chose open source solutions. ... (microsoft.public.security) REVIEW: "Open Source Security Tools", Tony Howlett ... The tools listed in this book are for network security, ... Chapter one outlines the open source concept, ... most reviews of software tools, and the details are clear for all who ... (comp.security.misc) REVIEW: "Open Source Security Tools", Tony Howlett ... The tools listed in this book are for network security, ... Chapter one outlines the open source concept, ... most reviews of software tools, and the details are clear for all who ... (alt.computer.security) Re: The possibility of vms opening up? ... The notion of open systems security is based on having very ... open source clustering information can be found at least at the ... patches and support the older kernels for backward compatibility. ... that is why they pay vendors for support contracts. ... (comp.os.vms)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2006-03