Penetration Testing mailing list archives

RE: An idiot question

From: Omar Prunera Dols <oprunera () salleURL edu>
Date: Thu, 28 Oct 2004 17:13:08 +0200 (CEST)

Hi all,

I totally agree with Todd with his definition of pen-testing (Pen-test is
like controlled hacking...), but when he says that there's no "exactly how
to do it manual", i would say that's not 100% correct. Have your ever
heard about OSSTMM?. This is the Open Source Security Testing Methodology
Manual, and is not a "how to do manual" but is a good guideline to perform
correctly a security test.

I recommend you to take a look at http://isecom.org and to the OSSTMM

See you



On Tue, 26 Oct 2004, Todd Towles wrote:

Run over to insecure.org and look at all the tools. Pen-test is like
controlled hacking...there is no "exactly how to do it manual" and to
tell you the truth, there really shouldn't be one.

Read, read read....and then..do do do in a controlled world. Reading
everything in sight can get you to the door with the information but
only "doing" can step you into the other room.

-----Original Message-----
From: Profeta [mailto:profetago () bol com br]
Sent: Tuesday, October 26, 2004 10:31 AM
To: pen-test () securityfocus com
Subject: An idiot question

Is there some sites that given an arsenal of tools to realize
pen tests ? I know that www.packetstormsecurity.nl is a good
start, but, there is another site that is more expecific to
download some tools ? Thanks the attention!

Pr0ph3t

--------------------------------------------------------------
----------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet
threats must be stopped before they impact your network. To
learn how Internet Security Systems keeps organizations ahead
of the threat with preemptive intrusion prevention, download
the new whitepaper, Defining the Rules of Preemptive
Protection, and end your reliance on reactive security technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
--------------------------------------------------------------
-----------------


------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To 
learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, 
download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security 
technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------


Sincerely,
-omar.

Omar Prunera i Dols

Networking Dept. - Security Area
Enginyeria i Arquitectura La Salle

Homepage: http://omar.squarespace.com
E-mail: oprunera () salleurl edu
        omar () isecom org
        omar () ideahamster org
        oprunera () gmail com

Current thread:

RE: An idiot question Randy Golly (Nov 01)
- <Possible follow-ups>
- RE: An idiot question Richard Zaluski (Nov 01)
- RE: An idiot question Omar Prunera Dols (Nov 01)
  - RE: An idiot question Richard Zaluski (Nov 03)
- Re: Re: An idiot question jwoloz (Nov 01)
- RE: An idiot question Matthew Wilson (Nov 02)
  - Re: An idiot question Alvin Packard (Nov 03)
- RE: An idiot question Shaineel Singh (Nov 03)