Penetration Testing mailing list archives
How to start a Pen Test Consultancy ?
From: <vivek_ece_iitg () yahoo co in>
Date: 6 Jan 2005 07:48:50 -0000
Hi All ! I am thinking of starting my own Pen Test consultancy. Though i can (arguably ;-) ) say that i am quite adept at penetration testing and ethical hacking, i am not aware of a "standardised technique" to conduct an audit. I would appreciate if someone can give me some pointers on this. If i break up my earliar question into smaller ones...i'd like to know the following : 1. What tests to conduct ? what all to check ? servers, routers, switches, applications, social engineering ?? 2. Time Span ? The ideal time span a pen tester should take to conduct an audit ? 3. What if my audit leads to a dos on their website ? i.e what are the do's and dont's when conducting an audit on a live system ? best practises ? legal stuff ? 4. Pen test report ? what to include and what not ? 5. Money ;-) ? How to determine a monetory equivalent for the pen test conducted ? i.e how to bill the customer ?? etc 6. If you can think of anything essential i missed out ....please add ! I know i am almost asking you guys to write an "essay" but i am sure this will be of help to lots of other ppl who would one day like to start something of their own. Thanks in advance ! Vivek Bangalore, India (flames >> /dev/null)
Current thread:
- How to start a Pen Test Consultancy ? vivek_ece_iitg (Jan 06)
- RE: How to start a Pen Test Consultancy ? Chuck Fullerton (Jan 06)
- RE: How to start a Pen Test Consultancy ? Nathan Einwechter (Jan 06)
- Re: How to start a Pen Test Consultancy ? Anders Thulin (Jan 10)
- <Possible follow-ups>
- RE: How to start a Pen Test Consultancy ? Schisler Isaiah (Jan 06)
- RE: How to start a Pen Test Consultancy ? Tyler Markowsky (Jan 06)