Penetration Testing mailing list archives

Re: Security Audit

From: "bacano" <bacano () esoterica pt>
Date: Mon, 17 Sep 2001 13:53:54 +0100

Lets try to put things the other way around, for dont get in to the exercise
in semantics that Don Bailey said, or refering ourselfs to a pen test as if
it was only running a scanner or identify one hole in one server to can
exploit it without seeing anything else.

Regarding http://uk.osstmm.org/osstmm.htm, what are the topics for a zero
knowledge pen test or what is called there an Unrestricted Test?

Network Surveying
Port Scanning
System Identification
Services Probing
Vulnerability Research and Testing
Application Testing
Firewall & ACL Testing and Review
Security Policy Review
Privacy Review
Intrusion Detection System (IDS) Testing
Document Grinding (Electronic Dumpster Diving)
Social Engineering
Trusted Systems Testing
Password Cracking
Denial of Service (DoS) Testing
Wireless Network Testing
PBX Testing

[  ]'s bacano


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re: Security Audit, (continued)
- Re: Security Audit H Carvey (Sep 12)
  - Re: Security Audit R. DuFresne (Sep 12)
    - Re: Security Audit H C (Sep 13)
    - Re: Security Audit R. DuFresne (Sep 13)
    - Re: Security Audit H C (Sep 13)
    - Industry Definitions... possible? was Re: Security Audit Don Bailey (Sep 14)
  - Re: Security Audit Phil Cracknell (Sep 14)
    - Re: Security Audit bacano (Sep 16)
    - RE: Security Audit Dom De Vitto (Sep 18)
- Re: Security Audit H C (Sep 16)
  - Re: Security Audit bacano (Sep 17)