Re: Penetration Techniques/Tool Used in the Testing

[Gamble <a629w () unb ca>]

Hey,

> Where can I get a listing of the most commonly used Penetration testing
> techniques within past twelve months. 

You should check out http://www.insecure.org/tools.html for a list of
the top 50 security tools.  

> I would appreciate any input (white paper,
> specific web site, individual, institute or company name and phone numbers) that
> you could provide me. I would like to collect any statistical data regarding
> usage of these techniques if they are available. 

http://project.honeynet.org/ is a site dedicated to providing infomation
about attacks on their honeypot.  

http://www.attrition.org/mirror/attrition/stats.html 
This page can give you some info on defacement statistics.  It dosn't
cover the techniques used, but it gives info on what OS's are being
defaced.  It might be useful to use this along with the bugtraq archives
to see how the number of hacks for certain operating systems increases
once a remote hole is found.

> I am also looking to find a list of top twenty or so vulnerabilities
> existing/introduced in the past twelve months. Backup data for each
> vulnerability would be helpful too. 

http://www.sans.org/topten.htm is a site which tells you how to elimiate
the top 10 security threats.  Poking around the SANS website will give you
a lot of good infomation which should be useful.

> I am writing a paper and like to cross reference list of the vulnerabilities
> with the penetration techniques that could identify the listed vulnerabilities
> in the tested system/network. Thank you

Good luck

> Regards,
> Reza Ghaffari
> Email: Reza.CTR.Ghaffari () faa gov


Cheers,  

-- Jamie Gamble