RE: General Security audit question

From: Clement Dupuis (cdupuis@cccure.org)
Date: 01/09/03

  • Next message: James-lists: "Re: Making a W2K with Internet Connection Sharing secure"
    From: "Clement Dupuis" <cdupuis@cccure.org>
    To: "'Rapaille Max'" <Max.Rapaille@nbb.be>, "'Dallas Hindle'" <dallash@optushome.com.au>, <security-basics@securityfocus.com>, <focus-ids@securityfocus.com>
    Date: Thu, 9 Jan 2003 16:06:54 -0600
    
    

    Lately the OSSTMM methodology has been converted into a very good course
    called OPST (OSSTMM Professionnal Security Tester). The course is
    delivered in the states by www.intenseschool.com and other providers
    worldwide.

    Enjoy

    Clement

    > -----Original Message-----
    > From: Rapaille Max [mailto:Max.Rapaille@nbb.be]
    > Sent: Wednesday, January 08, 2003 1:06 AM
    > To: Dallas Hindle; security-basics@securityfocus.com;
    > focus-ids@securityfocus.com
    > Subject: RE: General Security audit question
    >
    >
    > HI.
    >
    > You could have a look at the osstmm : Open Source Security
    > Testing Methodology Manual. A very good doc for Sec audit.
    > Available for free at www.osstmm.org, or perhaps
    www.ideahamster.org... I think they changed the name not so long ago,
    but you should be able to find the link easely to the new address.

    A very nice and recommended reading. They give a good description and
    follow some international standards.. Should you not find it, send me a
    mail off-list, I will send you a copy.

    Regards,

    MAx

    -----Original Message-----
    From: Dallas Hindle [mailto:dallash@optushome.com.au]
    Sent: 07 January 2003 06:11
    To: security-basics@securityfocus.com; focus-ids@securityfocus.com
    Subject: General Security audit question

    Hi
     
    I've been asked to perform a security audit on a site (Stock Broker) and
    to report on all Site, network, server and software issues that I
    encounter
     
    I have a pretty decent idea of what I'm looking for, but if anyone has
    any links to, or templates of what you would find in a security audit
    could you please let me know or send me a copy?
     
     
     
    Thanks
     
    Dallas