RE: General Security audit question

["Clement Dupuis" <cdupuis () cccure org>]

Lately the OSSTMM methodology has been converted into a very good course
called OPST (OSSTMM Professionnal Security Tester).  The course is
delivered in the states by www.intenseschool.com and other providers
worldwide.

Enjoy

Clement


> -----Original Message-----
> From: Rapaille Max [mailto:Max.Rapaille () nbb be] 
> Sent: Wednesday, January 08, 2003 1:06 AM
> To: Dallas Hindle; security-basics () securityfocus com; 
> focus-ids () securityfocus com
> Subject: RE: General Security audit question
>
>
> HI.
>
> You could have a look at the osstmm : Open Source Security 
> Testing Methodology Manual.  A very good doc for Sec audit. 
> Available for free at www.osstmm.org, or perhaps 
www.ideahamster.org...  I think they changed the name not so long ago,
but you should be able to find the link easely to the new address.

A very nice and recommended reading.  They give a good description and
follow some international standards.. Should you not find it, send me a
mail off-list, I will send you a copy.

Regards,

MAx



-----Original Message-----
From: Dallas Hindle [mailto:dallash () optushome com au] 
Sent: 07 January 2003 06:11
To: security-basics () securityfocus com; focus-ids () securityfocus com
Subject: General Security audit question


Hi
 
I've been asked to perform a security audit on a site (Stock Broker) and
to report on all Site, network, server and software issues that I
encounter
 
I have a pretty decent idea of what I'm looking for, but if anyone has
any links to, or templates of what you would find in a security audit
could you please let me know or send me a copy?
 
 
 
Thanks
 
Dallas