nanog mailing list archives
Re: Penetration Test Assistance
From: Brett Watson <brett () the-watsons org>
Date: Tue, 5 Jun 2012 13:31:02 -0700
On Jun 5, 2012, at 11:34 AM, Darden, Patrick S. wrote:
I'm with Barry--a network diagram showing everything from the pov of the pen team should be part of the end report.
Maybe, maybe not. It all depends on the scope of the engagement. I've had customers ask for very specific pen test of a group of servers, or specific applications, wherein they provide all the topology, system, and network info, and just want me to look at one specific area. Then of course others want a "black box" assessment, wherein they don't tell you anything, and expect you to discover whatever you can discover. I'm personally very specific about scoping, and just give the customer exactly what they want but you've got to "interview" each other to figure all of that out. And totally agree with a previous poster, you should always get a redacted or sample report to see what kind of quality you can expect in the finished product. -b
Current thread:
- Re: Penetration Test Assistance, (continued)
- Re: Penetration Test Assistance Joel jaeggli (Jun 05)
- Re: Penetration Test Assistance Quinn Kuzmich (Jun 05)
- RE: Penetration Test Assistance Baklarz, Ron (Jun 05)
- Re: Penetration Test Assistance dennis (Jun 05)
- Re: Penetration Test Assistance William Herrin (Jun 05)
- Re: Penetration Test Assistance Aled Morris (Jun 05)
- RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
- Re: Penetration Test Assistance Barry Greene (Jun 05)
- RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
- Re: Penetration Test Assistance Harry Hoffman (Jun 05)
- Re: Penetration Test Assistance Brett Watson (Jun 05)
- RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
- Re: Penetration Test Assistance Leo Bicknell (Jun 05)