Re: web app pentest report
From: Pete Herzog <lists@xxxxxxxxxx>
Date: Fri, 08 Aug 2008 11:29:47 +0200
Hi,
> explanation, and 3) HOW TO FIX THE ISSUE!! You would not believe what
If you can reliably fix the issue then I recommend you suggest it. Since you won't know their infrastructure as well as them, you should consider fixes that include changes to internal processes, architecture, controls, and the service environment. Don't help trap them in the poor bug/patch/upgrade security cycle. Make suggestions that would show that with the right environmental changes or added controls a flaw in the application will have no adverse impact.
Also consider your job as telling them what they did right as well as what's wrong. This will help them apply the right things to everything.
> Look also at the report standard for OSSTMM. That's a good guide as to
> how a report should look. Alter it around for an app assessment.
OSSTMM 3.0 LITE, out now (www.osstmm.org), contains the Security Test Audit Report (STAR), which is already used by various companies in web app pen tests. There's nothing there to adjust. But you will need to follow it with a list of problems you found.
Sincerely,
-pete.