Penetration Testing mailing list archives
RE: How to start a Pen Test Consultancy ?
From: "Chuck Fullerton" <chuckf69 () ceinetworks com>
Date: Thu, 6 Jan 2005 11:10:05 -0500
www.isecom.org Check out the OSSTMM. Chuck F. -----Original Message----- From: vivek_ece_iitg () yahoo co in [mailto:vivek_ece_iitg () yahoo co in] Sent: Thursday, January 06, 2005 2:49 AM To: pen-test () securityfocus com Subject: How to start a Pen Test Consultancy ? Hi All ! I am thinking of starting my own Pen Test consultancy. Though i can (arguably ;-) ) say that i am quite adept at penetration testing and ethical hacking, i am not aware of a "standardised technique" to conduct an audit. I would appreciate if someone can give me some pointers on this. If i break up my earliar question into smaller ones...i'd like to know the following : 1. What tests to conduct ? what all to check ? servers, routers, switches, applications, social engineering ?? 2. Time Span ? The ideal time span a pen tester should take to conduct an audit ? 3. What if my audit leads to a dos on their website ? i.e what are the do's and dont's when conducting an audit on a live system ? best practises ? legal stuff ? 4. Pen test report ? what to include and what not ? 5. Money ;-) ? How to determine a monetory equivalent for the pen test conducted ? i.e how to bill the customer ?? etc 6. If you can think of anything essential i missed out ....please add ! I know i am almost asking you guys to write an "essay" but i am sure this will be of help to lots of other ppl who would one day like to start something of their own. Thanks in advance ! Vivek Bangalore, India (flames >> /dev/null)
Current thread:
- How to start a Pen Test Consultancy ? vivek_ece_iitg (Jan 06)
- RE: How to start a Pen Test Consultancy ? Chuck Fullerton (Jan 06)
- RE: How to start a Pen Test Consultancy ? Nathan Einwechter (Jan 06)
- Re: How to start a Pen Test Consultancy ? Anders Thulin (Jan 10)
- <Possible follow-ups>
- RE: How to start a Pen Test Consultancy ? Schisler Isaiah (Jan 06)
- RE: How to start a Pen Test Consultancy ? Tyler Markowsky (Jan 06)