Security Basics mailing list archives

Re: Security Audit & pen testing final report


From: "Ulisses Castro (thebug)" <uss.thebug () gmail com>
Date: Tue, 21 Oct 2008 17:36:35 -0200

Michael, maybe you can find something useful on securitydocs.com...

http://searchsecurity.techtarget.com/search/1,293876,sid14,00.html?cref=http%3A%2F%2Fmedia.techtarget.com%2FGCS%2Flive%2FsearchSecurity_cse_site.xml&cof=FORID%3A9&channel=searchsecurity&client=techtarget&q=penetration+test+report&x=0&y=0#1195

or maybe... (I don't know exactly what you want...) on owasp.org

http://www.owasp.org/index.php/Category:OWASP_Legal_Project

And there is another one from Imperva, a little bit older, but very, very useful...

http://www.attackprevention.com/article/Sample_Penetration_Test_Report-2450.html

Regards,

Ulisses Castro


On Mon, Oct 20, 2008 at 6:27 PM, Michael Condon
<admin () singulartechnologysolutions com> wrote:
SANS has some of the best information, but it has to be parsed, regurgitated
(which is not such a bad exercise in itself).
I myself like to get as much information as I can from a variety of sources,
compare them with my own outline, and expand on it.
I saw some on the Internet that were really pretty, but as far as content
goes, they sort of blew.
----- Original Message -----
From: "Stephen Thornber" <skthornber () mac com>
To: "Michael Condon" <admin () singulartechnologysolutions com>
Cc: "Stephen Thornber" <skthornber () mac com>; "Richard Golodner"
<rgolodner () infratection com>; <security-basics () securityfocus com>
Sent: Monday, October 20, 2008 2:22 PM
Subject: Re: Security Audit & pen testing final report


I find it mind bogglingly - my new word of the day - amazing that people
will not help, with straight answers instead of being obtuse or rude. If
you know the answer to a question why not just give it instead of saying go
and look it up. If the information sought is not a trade secret, going to
take away your next customer, illegal or against some national security
mandate, why oh why not give up the information.

I too look for stuff on google all the time but rarely actually find all
or a satisfying, easy to understand, lay approach to my requirements.

I hate the better than you attitude, he says taking on a similar approach.

.... For me there are many useful books on audit and pen testing, and
there are many organizations that you could talk to, ISACA for example,
SANS as another.

Books - Penetration testers Open Source toolkit, Exam Prep for Certified
Ethical Hackers, Common Sense Computer Security etc. etc. See Amazon or
similar for hundreds of other titles.

Now down to business, I will gladly send you more details of material and
example reports for different things and I will gladly help in any other
way you might need it.

So drop me a line off list anytime,

describe exactly what it is you are trying to achieve and I will either
answer or help you to answer the problem.

Yours

Stephen K THORNBER
MRSH, MBCS, CISM, CISSP


On 20 Oct 2008, at 18:29, Michael Condon wrote:

Yes, of course I've tried Google. If I was satisfied with what I found,
you wouldn't be getting this message.
----- Original Message -----
From: "Richard Golodner" <rgolodner () infratection com>
To: "'Michael Condon'" <admin () singulartechnologysolutions com>;
<security-basics () securityfocus com>
Sent: Monday, October 20, 2008 12:11 PM
Subject: RE: Security Audit & pen testing final report


Michael, most of this stuff is easily found by using Google. As you
move forward in your career you will find that people will be willing to
help a lot more once you have demonstrated that you have made an attempt to
find some of this on your own. Also being able to use the information
available to you will help you get your job done better and waste less time
waiting on answers from other people.

   most sincerely, Richard


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Michael Condon
Sent: Monday, October 20, 2008 10:05 AM
To: security-basics () securityfocus com; pen-test () securityfocus com
Subject: Security Audit & pen testing final report

Does anyone know where there are some sample
1). Final reports of Security Audit to Management
2). Basic outline for Security Audit/Pen testing procedure checklist?
