Penetration Testing mailing list archives
Possibly a different methodology for network testing
From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Sat, 22 Jul 2006 00:55:19 +0100
Thanks to everyone who pointed out the various Methodologies as I looked for crossover from what I believe may be a different/alternate method of undertaking testing. I have thrown together some bits on how I believe a Vulnerability test should be undertaken, ensuring that the risks are assessed based upon the network configuration, data movement profile and basic design of why the network exists at all. I still believe it is different to the OSSTMM, OWASP and NSA based methodologies, and if I get a confirmation from these lists that my thinking is correct, I will develop this further, with diagrams, flow charts and templates. http://www.logicallysecure.com/forum/viewtopic.php?t=192 I have derived this not because I believe these methodologies are lacking, but that I believe they fulfil different needs. Anyway , please let me know your thoughts, public or otherwise. Yes I understand there is not much meat on it, but I am still confirming if my thoughts are different from other methodologies. Steve A (nebs) Thank you for all your time and help. The links are to my forum with both a Mind map and a word document. The mind map software is open source and can be obtained from here: http://freemind.sourceforge.net/wiki/index.php/Main_Page ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Possibly a different methodology for network testing Steve Armstrong (Jul 21)
- RE: Possibly a different methodology for network testing Omar A. Herrera (Jul 22)