Penetration Testing mailing list archives

RE: Standards for penetration testing

From: "Rafael Ausejo Prieto" <rafael () ausejo net>
Date: Thu, 4 Mar 2004 23:08:14 +0100

* OSSTMM - Open Source Security Testing Methodology Manual
* Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
* NIST Guideline on Network Security Testing (special publ. 800-42)

Can anyone point me to other standards for penetration testing?


ISACA (Information Systems Audit and Control Association)
released this month an exposure draft:

"IS AUDITING PROCEDURE PENETRATION TESTING AND VULNERABILITY ANALYSIS
DOCUMENT"
This material was issued on 1 February 2004. Exposure period closes 31 March
2004.

I suppose it's not yet publicy available (just for ISACA members review);
but it could be in the near future...


Rafael Ausejo Prieto
rafael () ausejo net
http://www.ausejo.net/ 


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Standards for penetration testing Thomas Kerbl (Mar 04)
- RE: Standards for penetration testing Rafael Ausejo Prieto (Mar 05)
  - Re: Standards for penetration testing Brahman (TPG Account) (Mar 07)
- <Possible follow-ups>
- RE: Standards for penetration testing Rosado, Rafael (Rafael) (Mar 05)
- Re: Standards for penetration testing Karsten Johansson (Mar 07)