Security Basics mailing list archives
RE: PenTest Checklist
From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Tue, 9 May 2006 00:07:08 +0100
Further to my last, I had a large number of requests for the template so we have put it on the site (having updated the doc version, removed *most* of the typos and saved it in rich text format). http://www.logicallysecure.com/resources/templates/templates_tips_and_gu ides.html Hope this is of use to some. Please let me know if we are missing something or need to remove some old stuff. Note the MD5 hash is for info the sha256 is one for confidence. Steve A -----Original Message----- From: Steve Armstrong [mailto:stevearmstrong () logicallysecure com] Sent: 28 April 2006 00:10 To: security-basics () securityfocus com Subject: RE: PenTest Checklist If it is any use to the list, the report Carl references: Penetration Test Sample Report (Network & System) http://www.besnard.org/biometrics/2BIO706_business_report.pdf Was submitted by the a student (the guy on the web site) as part of the Westminster University Biometrics MSc course. It was the report for the end of week test, on the Penetration Testing Module. I know this because as well as writing the course, I presented it and built the test LAN they attacked. The course is still available thought the University www.wmin.ac.uk (although I do not personally lecture there any more). If any one is interested in the Master report that was presented to the students, drop me a line and I can dig it out for you. Steve A ---------------------------------------- NEW - UK IT Security Forum www.logicallysecure.com/forum -----Original Message----- From: Carl Davis [mailto:cdavis () rvasi com] Sent: 26 April 2006 11:58 To: 'Mr.Hartmann' Cc: 'Securi Net'; security-basics () securityfocus com Subject: RE: PenTest Checklist Below are links to resources that may come in handy: OWASP Guide to Web Application Penetration Testing (Web App) http://www.owasp.org/documentation/testing.html Web Application Cheatsheet Version 2 (Web App) http://www.secguru.com/files/temp/webappcheatsheet2.pdf Reconnaissance Cheatsheet (Web App -> General) http://www.professionalsecuritytesters.org/Documents/cheatsheets/reconna issa nceCheatSheet.pdf Penetration Test Sample Report (Network & System) http://www.besnard.org/biometrics/2BIO706_business_report.pdf Imperva Penetration Test Report Example (Web App) http://www.imperva.com/docs/VedaPenetrationTest.pdf Penetration Test Report Outline (General) http://www.deaddrop.com/InfoSec/Audit/SampleReports/penetrationReport.ht ml Cheers, Carl Davis,C|EH,CISSP,MCSE,CCSA Site: http://www.rvasi.com Forum: http://www.rvasi.com/forum -----Original Message----- From: Mr.Hartmann [mailto:hartmann () thestar com my] Sent: Thursday, April 20, 2006 8:29 PM To: 'Securi Net'; security-basics () securityfocus com Subject: PenTest Checklist Hi, Is there any site where I could get a sample of penetration test (remote & web) checklist/standard/guide and sample reports? Thanks. Adam /******************************************************************\ This message and any attachment(s) are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone or e-mail the sender and delete this message and any attachment from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the content to any other person. Any opinion, view and/or other information in this message and/or any attachment(s) hereto which do not relate to the official business of Star Publications (Malaysia) Bhd shall not be deemed given nor endorsed by Star Publications (Malaysia) Bhd. Our company is not responsible for any activity that might be considered to be an illegal and/or improper use of email. E-mail transmissions cannot be guaranteed to be secured or error-free as information could be intercepted, corrupted, lost, destroyed, delayed, incomplete or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message or for any virus damage which may arise as a result of this e-mail transmission. /******************************************************************\ ------------------------------------------------------------------------ - This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php ------------------------------------------------------------------------ -- ------------------------------------------------------------------------ - This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php ------------------------------------------------------------------------ -- ------------------------------------------------------------------------ - This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php ------------------------------------------------------------------------ --
Current thread:
- RE: PenTest Checklist Steve Armstrong (May 09)