Security Basics mailing list archives
Methodology
From: Alex Fiuvertiz <fiuvertiz () gmail com>
Date: Wed, 18 Nov 2009 17:26:10 +0100
Hi Security-basics,

It seems like there are a lot of different methodologies out there when it comes down to performing penetration tests. But how often do people/pentesters out there use the industry/official "standards" (see example list below)? Are you/they using them mostly for the client's sake when writing reports and to make sure you don't overlook anything? Or are you ignoring them totally and just hack away and have your own ultimate methodology (perhaps based on one of the methodologies specified below) and report format?

PTF? Perhaps more of a technical reference (http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
OSSTMM?
NIST?
ISSAF?
Foundstone's methodology?
xxxxx?

I realize the methodologies above can't be compared quite simply, but at least they give you a hint of what I mean. Do you use any of these? Why? Why not?

Regards,
Alex