Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Security Audit

From: Aleksander Czarnowski <alekc () avet com pl>
Date: Fri, 7 Sep 2001 17:23:22 +0200 
Then maybe someone should define what the components are for 
a standard penetration test, a vulnerability assessment, and 
a security audit.

There is already one freely available and it is called Open Source Security
Testing Methodology (http://uk.osstmm.org/osstmm.htm). In RFCs you will find
Site Security Handbook (it's not on pen-test, but I guess it can be useful
anyway).  On the other hand many companies have their own methodology which
they do not like to distribute outside. Creating proper and efficient
methodology is very difficult task that not every one can accomplish.
Because of this market demands such solution and the cost of some services
is high. Price is also based on resources and time needed to create such
methodology. And please remember that after creating your methodology should
be research further to keep up with the rest of the world.
Regards,
Aleksander Czarnowski
AVET INS

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: