Re: Pen Test Basic Needs

["Saint Anthony" <saintpatrick () xasamail com>]

One of the first things to do when undertaking any major project like this, define the scope.  Everything else will 
become more definite after you clearly plot out what it is you hope to test.

This includes the selection of utilities and so on.

- Anthony Towry
  Student 


sauger () pre2post com wrote: 
> Hi list,
>
> I recently sent this email on the security-basics list, and
> afterwards discovered this list.  I thought I'd repost it, since
> this is probably the best place for it.
>
> A quick couple of questions out of curiosity...
>
> 1) If you had to do a pen-test, what type of information would
> you need to begin with?  External IP?  Web site name? 
> Anything else I'm forgetting?
> 2) What tools would you use for the pen-test?  Nessus, Snort,
> Cain&Abel.  Anything else that would be useful?
> 3) Any good docs on where to start?  I can find my way around
> once I'm in, but it's the first step that's the problem.
> 4) Any templates on good contracts to cover myself?
>
> This pen-test will probably be for a network, but also for a web
> site that's hosted elsewhere.  Both the network's and the hosing
> site's owners are aware and ready to sign off on it, so I'm
> pretty much aware of the legal ramifications, which is why I'd
> love to see some contract templates.  I'll be backed up by
> others, but would still like the info on how to start so I can
> prepare.
>
> Thanks everyone!
>
> Stephane


    http://www.xasamail.com/