Penetration Testing mailing list archives
Re: Pentest Letter of Achievement/Certificate
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 13 Jul 2005 17:26:20 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Isn;t the final report pentesters report what is being asked for here?(0) Or are companies really hung up on and seeking gold stars to post in public areas and at the bottom of stationary? Kinda like the certifications that M$ got for NT back in the late 90's I guess, meaningless in any env other then the single system they had tested....
Thanks, Ron DuFresne(0) in most cases that pentesters report is likely to be backed with the corp documentation showing how they mitigated the issues found during the pentest. Afterall, few companeis should ever comeout of a thourough penttest unscathed. So they document how they corrected what was discerovered, and perhaps have another outside party verify the 'corrections'. but gold starts and report cards, or neat little certificates in frames? <shakes his head>
On Tue, 12 Jul 2005, John Kinsella wrote:
I think http://www.isecom.org/osstmm/ might cover what you're looking for... John On Tue, Jul 12, 2005 at 10:52:42PM +0200, blowfish 448 wrote:Hi, any of you know if any 'standards' or accepted guidelines exist for a letter or certification of succesfull resistance to Penetration Testing/Vulnerability Assessment. Customers often demand to have a proof delivered by their Penetration Test service provider to show to their partners and customers. The idea of course is not to disclose sensitive information but to briefly describe the environment tested and how - according to which methodologies and the attack vectors tested for. Thanks in advance
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC1Yb/st+vzJSwZikRAilGAKDCOxyj3Fox77OhX21BgmkC7I1r3QCgxPYB
6R+l1D8nti84/RaOEfoUE5c=
=aHj2
-----END PGP SIGNATURE-----
Current thread:
- Re: Pentest Letter of Achievement/Certificate, (continued)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 12)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 13)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 14)
- Message not available
- GPRS Security dinckan (Jul 14)
- RE: GPRS Security Tonie (Jul 15)
- Re: GPRS Security Ty Bodell (Jul 15)
- Re: GPRS Security Johan Mellberg (Jul 16)
- RE: GPRS Security Sahir Hidayatullah (Jul 19)
- source code audit manoj kumar (Jul 19)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 12)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Travis Good (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- RE: Pentest Letter of Achievement/Certificate Paul Fields (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mike Klingler (Jul 15)
- RE: Pentest Letter of Achievement/Certificate Lyal Collins (Jul 15)