Penetration Testing mailing list archives

RE: Sizing Pentest

From: "Anup Singh" <anup () ealcatraz com>
Date: Fri, 29 Jun 2001 13:37:47 +0530

I think The pentest for a financial institution should conform to SAS 70
document for financial information security. Go thro the document.. you
should have a fair enuff idea..

regards

-----Original Message-----
From: Leonardo Loro [mailto:leoloro () microsoft com]
Sent: Thursday, June 28, 2001 11:19 AM
To: Penetration Testing (E-mail)
Subject: Sizing Pentest

Hi all,

Which keypoints should be taken in account when sizing a pen test (for a
financial institution that wants to check the vulnerabilities of their
intranet systems vulnerability).  Should it be charged x hour? X server?
X Deliverables? 

Basically, they have 10 Sun 450e and 10 W2k servers on their intranet,
and a PIX in to work as a FW in front of them.

Thx,

Leo

----------------------------------------------------------------------------
----------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service
For more information on SecurityFocus' SIA service which automatically
alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

<<attachment: winmail.dat>>

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Current thread:

Sizing Pentest Leonardo Loro (Jun 28)
- RE: Sizing Pentest Anup Singh (Jun 29)
- <Possible follow-ups>
- RE: Sizing Pentest stephen (Jun 29)