Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pentest documentation

From: Gareth Davies <gareth.davies () mynetsec com>
Date: Tue, 03 Oct 2006 04:13:04 +0800
Jürgen R. Plasser wrote:

Hi All,

How do you document and log the pentest session itself?
I want to document the pentest process in detail, not only for the customer, but for later reviews and to avoid legal difficulties.
What are the best tools to accomplish that or do you even record the sessions on video with a camcorder? Or some kind of screen recorder? 

Thanks,

Jürgen
Same as when you do forensics, record the whole session, input and output, write it out to a text file, file command and last commands are time/date. 

Then provide an md5 of the whole thing.

Cheers

--
Gareth Davies - ISO 27001 LA, OPST

Manager - Security Practice

Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont’ Kiara, 50480
Kuala Lumpur, Malaysia Phone: +603-6203 5303 or +603-6203 5920 

www.mynetsec.com


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: