Penetration Testing mailing list archives
Re: Standards for penetration testing
From: "Brahman (TPG Account)" <btlingham () tpg com au>
Date: Sat, 6 Mar 2004 18:40:30 +1100
I would also reccomend reviewing AS/NZS 7799.2:2003 in addition to ISO/IEC 17799:2000. These standards are available at http://www.sai-global.com Regards Brahman Acting Program Manager Information Security Management Systems btlingham () sai-global com ----- Original Message ----- From: "Rafael Ausejo Prieto" <rafael () ausejo net> To: <thomas.kerbl () fh-hagenberg at> Cc: <pen-test () securityfocus com> Sent: Friday, March 05, 2004 9:08 AM Subject: RE: Standards for penetration testing
* OSSTMM - Open Source Security Testing Methodology Manual * Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany) * NIST Guideline on Network Security Testing (special publ. 800-42)Can anyone point me to other standards for penetration testing?ISACA (Information Systems Audit and Control Association) released this month an exposure draft: "IS AUDITING PROCEDURE PENETRATION TESTING AND VULNERABILITY ANALYSIS DOCUMENT" This material was issued on 1 February 2004. Exposure period closes 31
March
2004. I suppose it's not yet publicy available (just for ISACA members review); but it could be in the near future... Rafael Ausejo Prieto rafael () ausejo net http://www.ausejo.net/ --------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Standards for penetration testing Thomas Kerbl (Mar 04)
- RE: Standards for penetration testing Rafael Ausejo Prieto (Mar 05)
- Re: Standards for penetration testing Brahman (TPG Account) (Mar 07)
- <Possible follow-ups>
- RE: Standards for penetration testing Rosado, Rafael (Rafael) (Mar 05)
- Re: Standards for penetration testing Karsten Johansson (Mar 07)
- RE: Standards for penetration testing Rafael Ausejo Prieto (Mar 05)