Penetration Testing mailing list archives
Re: pentest documentation
From: Gareth Davies <gareth.davies () mynetsec com>
Date: Tue, 03 Oct 2006 04:13:04 +0800
Jürgen R. Plasser wrote:
Hi All, How do you document and log the pentest session itself?I want to document the pentest process in detail, not only for the customer, but for later reviews and to avoid legal difficulties.What are the best tools to accomplish that or do you even record the sessions on video with a camcorder? Or some kind of screen recorder?Thanks, Jürgen
Same as when you do forensics, record the whole session, input and output, write it out to a text file, file command and last commands are time/date.
Then provide an md5 of the whole thing. Cheers -- Gareth Davies - ISO 27001 LA, OPST Manager - Security Practice Network Security Solutions MSC Sdn. Bhd. Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara, Mont’ Kiara, 50480Kuala Lumpur, Malaysia Phone: +603-6203 5303 or +603-6203 5920
www.mynetsec.com ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- pentest documentation Jürgen R. Plasser (Oct 02)
- Re: pentest documentation David Swafford (Oct 02)
- Re: pentest documentation Jürgen R. Plasser (Oct 02)
- Re: pentest documentation Andres Riancho (Oct 02)
- Re: pentest documentation IndianZ (Oct 02)
- Re: pentest documentation Jason Ross (Oct 02)
- Re: pentest documentation Jürgen R. Plasser (Oct 03)
- Re: pentest documentation Jürgen R. Plasser (Oct 02)
- Re: pentest documentation David Swafford (Oct 02)
- Re: pentest documentation Tonnerre Lombard (Oct 03)
- <Possible follow-ups>
- Re: Re: pentest documentation krymson (Oct 02)
- Re: pentest documentation David Ball (Oct 03)
- RE: Re: pentest documentation William Woodhams (Oct 03)
- Re: pentest documentation Ben Anderson (Oct 03)