RE: PenTest Checklist



If it is any use to the list, the report Carl references:

Penetration Test Sample Report (Network & System)
http://www.besnard.org/biometrics/2BIO706_business_report.pdf

Was submitted by the a student (the guy on the web site) as part of the
Westminster University Biometrics MSc course.

It was the report for the end of week test, on the Penetration Testing
Module. I know this because as well as writing the course, I presented
it and built the test LAN they attacked.

The course is still available thought the University www.wmin.ac.uk
(although I do not personally lecture there any more).

If any one is interested in the Master report that was presented to the
students, drop me a line and I can dig it out for you.

Steve A

----------------------------------------

NEW - UK IT Security Forum www.logicallysecure.com/forum


-----Original Message-----
From: Carl Davis [mailto:cdavis@xxxxxxxxx]
Sent: 26 April 2006 11:58
To: 'Mr.Hartmann'
Cc: 'Securi Net'; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: PenTest Checklist

Below are links to resources that may come in handy:

OWASP Guide to Web Application Penetration Testing (Web App)
http://www.owasp.org/documentation/testing.html

Web Application Cheatsheet Version 2 (Web App)
http://www.secguru.com/files/temp/webappcheatsheet2.pdf

Reconnaissance Cheatsheet (Web App -> General)
http://www.professionalsecuritytesters.org/Documents/cheatsheets/reconna
issa
nceCheatSheet.pdf

Penetration Test Sample Report (Network & System)
http://www.besnard.org/biometrics/2BIO706_business_report.pdf

Imperva Penetration Test Report Example (Web App)
http://www.imperva.com/docs/VedaPenetrationTest.pdf

Penetration Test Report Outline (General)
http://www.deaddrop.com/InfoSec/Audit/SampleReports/penetrationReport.ht
ml


Cheers,

Carl Davis,C|EH,CISSP,MCSE,CCSA
Site: http://www.rvasi.com
Forum: http://www.rvasi.com/forum

-----Original Message-----
From: Mr.Hartmann [mailto:hartmann@xxxxxxxxxxxxxx]
Sent: Thursday, April 20, 2006 8:29 PM
To: 'Securi Net'; security-basics@xxxxxxxxxxxxxxxxx
Subject: PenTest Checklist

Hi,

Is there any site where I could get a sample of penetration test (remote
&
web) checklist/standard/guide and sample reports?

Thanks.
Adam


/******************************************************************\
This message and any attachment(s) are confidential and may be
privileged or otherwise protected from disclosure. If you are not the
intended recipient, please telephone or e-mail the sender and delete
this message and any attachment from your system. If you are not the
intended recipient you must not copy this message or attachment or
disclose the content to any other person.

Any opinion, view and/or other information in this message and/or any
attachment(s) hereto which do not relate to the official business of
Star Publications (Malaysia) Bhd shall not be deemed given nor endorsed
by Star Publications (Malaysia) Bhd. Our company is not responsible for
any activity that might be considered to be an illegal and/or improper
use of email.

E-mail transmissions cannot be guaranteed to be secured or error-free as
information could be intercepted, corrupted, lost, destroyed, delayed,
incomplete or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message or
for any virus damage which may arise as a result of this e-mail
transmission.
/******************************************************************\

------------------------------------------------------------------------
-
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.

Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--



------------------------------------------------------------------------
-
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.

Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
------------------------------------------------------------------------
--


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------



Relevant Pages

  • RE: PenTest Checklist
    ... Penetration Test Sample Report ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • RE: malware block my PC for to enter in internet, possible?
    ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... eradicate spyware from their networks. ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: Traceroute and Ping result save to database
    ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... eradicate spyware from their networks. ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • RE: Finding Wireless APs on your network
    ... You could ping all hosts in all networks with nmap -sP and through ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: Annoyed with M$
    ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... eradicate spyware from their networks. ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)