Security Basics mailing list archives

Methodology


From: Alex Fiuvertiz <fiuvertiz () gmail com>
Date: Wed, 18 Nov 2009 17:26:10 +0100

Hi Security-basics,

It seems like there are a lot of different methodologies out there
when it comes down to performing penetration tests.
But how often are people/pentesters out there using the
industry/official "standards" (see example list below)?
Are you/they using them mostly for the client's sake when writing
reports and to make sure you don't overlook anything?

Or are you ignoring them totally and just hack away and have your own
ultimate methodology (perhaps based on one of the methodologies
specified below) and report format?


PTF? Perhaps more of a technical reference
(http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
OSSTMM ?
NIST?
ISSAF?
Foundstone's methodology?
xxxxx?

I realize the methodologies above can't be compared quite simply, but
at least they give you a hint of what I mean.
Do you use any of these? Why? Why not?

Regards, Alex
