RE: Testing Help

The pen-testing profession can cover such a broad array of domains. We
might be able to better ascertain what might be a more advisable
solution if we knew what kind of audit you were looking to perform.
There are any compliance standards that may be required by the
requestor. SOX Audits, PCI (Payment Card Industry,) etc.

Perhaps you could describe what the surface area for potential attacks
should look like? Is this in regard to an Internet Facing Web
Application? The two references you provided appear to be pretty broad
however, I will admit, I could have spent more time researching them.

Hope I can help,

Chris



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Lisa L Cooper
Sent: Monday, April 30, 2007 11:16 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Testing Help

I'm new to the list so please bare with me. I would however like some
advice on the following issue. An audit request has prompted us to
investigate network pen testing. We are looking at the following
options.

1. Outside vendors such as Network Armor, and Rapid 7. Have any of you
used these and if so, which one, and were you satisfied?

2. We have Nessus, but as I'm sure you guys know the reporting is awful.
Do any of you know if anyone has written a good program to help out with
this situation?

Lisa L. Cooper, lisa.cooper@xxxxxxxxxxxxxx University of Louisville
Information Technology Enterprise Network Security Miller IT Bldg, Room
109 Louisville, KY 40292




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with our 20/20
program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Relevant Pages

  • Re: Holes in my security - advice needed
    ... I will be blamed if there is an attack, ... I would do a audit of the information on the network. ... If they don't understand why it is bad,...then how did the company policy ...
    (microsoft.public.windows.server.networking)
  • RE: network auditing
    ... I was just reading the thread on the "NASA security Audit" ... Port scan the target network IP. ...
    (Security-Basics)
  • Re: Catch a hacker?
    ... I don't know about the audit part though. ... >> the Admin network password. ... >> admin signon signed on last and so on. ...
    (microsoft.public.win2000.security)
  • Re: Holes in my security - advice needed
    ... I will be blamed if there is an attack, ... I would do a audit of the information on the network. ... If they don't understand why it is bad,...then how did the company policy ...
    (microsoft.public.windows.server.networking)
  • Re: What user deleted a network file
    ... Also, if you use NTFS as the FS on your target, you can audit the file system access to particular file/directories/disks. ... For more complex auditing you should try some 3rd party network security audit software. ... > Can anyone tell me if it is possible to know what user (using windows XP), ... > deleted a network file/directory in a computer with Windows XP embedded. ...
    (microsoft.public.windowsxp.embedded)