Penetration Testing mailing list archives
Re: [PEN-TEST] Sample penetration report
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 22 Aug 2000 17:23:53 -0700
Here is an outline that has been used by several different organizations over the years and in some cases still being used by some of the larger type security consulting practices: Executive Summary Findings Recommendations Introduction Purpose and Scope Network Map . Remote Dial-in Map Findings and Recommendations Organizational and Procedural Issues Network Security Responsibility Internal Restrictions Network-Wide Vulnerabilities Firewall Intrusion Detection and Security Monitoring Host Vulnerabilities Dial-in Vulnerabilities Password Issues Network Vulnerabilities Recommendations Industry Best Practices Network Considerations Network Addressing Firewalls Automated Systems Intrusion Detection and Security Monitoring Vulnerability Scanning Host Considerations System Banners Dial-in Access Remote Management of Network Infrastructure Devices Centralized Security Authority Informational Services User Authentication . Passwords Password Administration Password Structure and Policy Appendix Assessment Process Overview Background Security as an Operational Process Security Posture Defined Assessment Process Network Discovery Target System and Vulnerability Identification Data Analysis and Security Design Review At 03:46 PM 8/21/00 -0400, Christopher M. Bergeron wrote:
Can anyone point me to a sample penetration test / vulnerability analysis report somewhere? What types of things does one usually put in such a report?
Current thread:
- [PEN-TEST] Sample penetration report Christopher M. Bergeron (Aug 22)
- Re: [PEN-TEST] Sample penetration report Teicher, Mark (Aug 22)
- Re: [PEN-TEST] Sample penetration report The Unicorn (Aug 24)
- <Possible follow-ups>
- Re: [PEN-TEST] Sample penetration report Knowledgebase i-Net Security (Aug 23)
- Re: [PEN-TEST] Sample penetration report Teicher, Mark (Aug 23)