Penetration Testing mailing list archives
RE: Sizing Pentest
From: "Anup Singh" <anup () ealcatraz com>
Date: Fri, 29 Jun 2001 13:37:47 +0530
I think The pentest for a financial institution should conform to SAS 70 document for financial information security. Go thro the document.. you should have a fair enuff idea.. regards -----Original Message----- From: Leonardo Loro [mailto:leoloro () microsoft com] Sent: Thursday, June 28, 2001 11:19 AM To: Penetration Testing (E-mail) Subject: Sizing Pentest Hi all, Which keypoints should be taken in account when sizing a pen test (for a financial institution that wants to check the vulnerabilities of their intranet systems vulnerability). Should it be charged x hour? X server? X Deliverables? Basically, they have 10 Sun 450e and 10 W2k servers on their intranet, and a PIX in to work as a FW in front of them. Thx, Leo ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
<<attachment: winmail.dat>>
-------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Sizing Pentest Leonardo Loro (Jun 28)
- RE: Sizing Pentest Anup Singh (Jun 29)
- <Possible follow-ups>
- RE: Sizing Pentest stephen (Jun 29)