Penetration Testing mailing list archives
RE: An idiot question
From: "Richard Zaluski" <rzaluski () ivolution ca>
Date: Tue, 2 Nov 2004 09:00:31 -0500
I agree with Omar, the OSSTMM is a great resource and also allows a 'certified' pen test if sections are followed. The OSSTMM is part of iVolution's Applied Penetration Testing Course Material and is used throughout the course to show students methodology behind a Professional Security / Penetration Test.

A Pen Test is NOT simply finding the target and running tools. Tools and methodology go hand in hand. You NEED a methodology and you NEED to understand how, when, where and what to run in the way of tool sets to achieve the Methodologies expected results.

For those who do not understand the concepts of Penetration testing the OSSTMM is a 'guideline' for Penetration testing and is recognized in the industry.

Our advice:

- Set up a test network.
- Test tools.
- Read all you can get your hands on about not just Pen Testing but Security Testing. A lot of your time will be in Research in the Security Testing Vulnerability arena.
- Apply those tools to achieve the expected results in the OSSTMM Sections.
- Sign up with online message boards that send you updates on exploits and vulnerabilities.
- Take a course if you can.

Also some organizations have mentor / student programs which give you access to someone you can bounce questions off and be a resource.

Just our 2 cents!

Richard Zaluski, CCNA, CRCP
CISO, Security and Infrastructure Services
iVolution Technologies Incorporated
905.309.1911
866.601.4678
905.524.8450 (Pager)
www.ivolution.ca
rzaluski () ivolution ca

PGP Key-ID: 85544DB6
PGP Key fingerprint: 0CD3 FB61 EAF1 11CA 8EC4 513A 75F2 6FC0 8554

-----Original Message-----
From: Omar Prunera Dols [mailto:oprunera () salleURL edu]
Sent: Thursday, October 28, 2004 11:13 AM
To: pen-test () securityfocus com
Subject: RE: An idiot question

Hi all,

I totally agree with Todd with his definition of pen-testing (Pen-test is like controlled hacking...), but when he says that there's no "exactly how to do it manual", I would say that's not 100% correct. Have you ever heard about OSSTMM? This is the Open Source Security Testing Methodology Manual, and is not a "how to do manual" but is a good guideline to perform correctly a security test. I recommend you to take a look at http://isecom.org and to the OSSTMM.

See you

On Tue, 26 Oct 2004, Todd Towles wrote:
Run over to insecure.org and look at all the tools. Pen-test is like controlled hacking...there is no "exactly how to do it manual" and to tell you the truth, there really shouldn't be one. Read, read, read....and then..do do do in a controlled world. Reading everything in sight can get you to the door with the information but only "doing" can step you into the other room.

-----Original Message-----
From: Profeta [mailto:profetago () bol com br]
Sent: Tuesday, October 26, 2004 10:31 AM
To: pen-test () securityfocus com
Subject: An idiot question

Are there some sites that give an arsenal of tools to realize pen tests? I know that www.packetstormsecurity.nl is a good start, but is there another site that is more specific to download some tools?

Thanks for the attention!
Pr0ph3t
Sincerely,
-omar.

Omar Prunera i Dols
Networking Dept. - Security Area
Enginyeria i Arquitectura La Salle
Homepage: http://omar.squarespace.com
E-mail: oprunera () salleurl edu
omar () isecom org
omar () ideahamster org
oprunera () gmail com