Penetration Testing mailing list archives
Re: Pentest Letter of Achievement/Certificate
From: "Matthew J. Harmon" <matthew.j.harmon () quorumsecurity com>
Date: Thu, 14 Jul 2005 11:49:27 -0500 (CDT)
On Wed, 13 Jul 2005, Travis Good wrote: [snip]
Security audits are not marketing tools.
http://www.cafepress.com/hoganstore/617378 http://www.cafepress.com/ph4tl3wt/332961 Got FUD? -Matthew Matthew J. Harmon Principal Security Consultant Quorum Security, Inc. matthew.j.harmon () quorumsecurity com +1 612.987.0115 [This was inline posting, not top posting] On Wed, 13 Jul 2005, blowfish 448 wrote:
Tom, Ralph, thanks for the input, and I totally agree. Should have been paying more attention to the wording I used. It's not so much providing a certificate of success, here I agree with your arguments, but rather an objective statement of penetration testing has been executed at a certain period in time on infrastructure X at customer Y by company Z. This so they can show to their customer base they take security serious and have undergone testing.> From my experience in the financial market customers and partners - e.g. other banks -of financial organisations asking for such proof is absolutely not so uncommon. Thanks > On 7/12/05, blowfish 448 <blowfish448 () hotmail com> wrote: > > Hi, > > > > any of you know if any 'standards' or accepted guidelines exist for a > letter > > or certification > > of succesfull resistance to Penetration Testing/Vulnerability Assessment. > > Customers often > > demand to have a proof delivered by their Penetration Test service > provider > > to show to their > > partners and customers. > > > > The idea of course is not to disclose sensitive information but to briefly > > describe > > the environment tested and how - according to which methodologies and the > > attack vectors > > tested for. > > > > > > Thanks in advance > > > > > >
Travis Good, CISSP, IAM
Current thread:
- Re: Pentest Letter of Achievement/Certificate, (continued)
- Re: Pentest Letter of Achievement/Certificate R. DuFresne (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- Re: Pentest Letter of Achievement/Certificate R. DuFresne (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Travis Good (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- RE: Pentest Letter of Achievement/Certificate Paul Fields (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mike Klingler (Jul 15)
- RE: Pentest Letter of Achievement/Certificate Lyal Collins (Jul 15)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Matthew J. Harmon (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mark Teicher (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Michael Sierchio (Jul 13)