Penetration Testing mailing list archives
Re: Standards for penetration testing
From: "Brahman (TPG)" <btlingham () tpg com au>
Date: Fri, 5 Mar 2004 15:32:39 +1100
Hi Thomas,

In addition to reading ISO/IEC 17799 I would also like to point you to AS/NZS 7799.2:2003. This is a standard which is used to certify an organisation's information security management system, and I think it is well worth reading as it allows a managed approach to information security rather than an ad hoc approach taken by many organisations.

I am happy to discuss this further with you if you wish. You can find more information about this by visiting http://www.sai-global.com

Regards
Brahman

----- Original Message -----
From: "Thomas Kerbl" <thomas.kerbl () fh-hagenberg at>
To: <pen-test () securityfocus com>
Sent: Friday, March 05, 2004 5:08 AM
Subject: Standards for penetration testing
Hello list,

I'm currently doing some research for my thesis on penetration testing methods. Therefore I'm looking for widely used standards in this area. Here is a collection of what I've already found:

* OSSTMM - Open Source Security Testing Methodology Manual
* Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
* NIST Guideline on Network Security Testing (special publ. 800-42)

I tried (in addition to a Google search) to find further standards in RFC repositories, the IEEE publication database, CERT, the ITIL website and of course the securityfocus archive. I couldn't find much useful information on the penetration-test topic. Of course there are many great security resources, but not exactly the information I was looking for.

Can anyone point me to other standards for penetration testing? If there are any other "must-read" papers (like ISO17799 for example) out there, they are also welcome. I can make use of English and German documents.

tia,
Thomas Kerbl

--
~ FH-Hagenberg: Computer & Media Security
~ http://cms.fh-hagenberg.at
~ my GPG key ID: 0x924042D1