Penetration Testing mailing list archives
Re: OSSTMM how good is it?
From: rik kershaw-moore <rkm () tsiolkovsky co uk>
Date: Wed, 17 May 2006 06:45:25 +0100
On Tuesday 16 May 2006 13:01, Steve Armstrong wrote:
However, you state you are undertaking IS1&3 but not 2 why is that. And given the nature of IS1&3 why are you using CRAMM?
Beaucse IS2 is th building of Accreditation Document sets - which fall outside the remit, as does IS4 and IS5.
Finally, are you looking to use the OSSTMM as in internal testing standard or one to level contracts against? I ask because your questioning alludes to a non technical level of expertise but you are discussing a methodology to undertake technical testing.
We are looking for an internal testing methodology. We already have an very technical internal testing system in place, but it is home grown and our accreditors wish for something more recognised. This accounts for why we have to use CRAMM as well as IS1. Now IS1 is a good back of a fag packet stuff, useful in management meetings and the like but our accreditors don't trust it for some reason. Rik -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- RE: OSSTMM how good is it? Steve Armstrong (May 16)
- Re: OSSTMM how good is it? rik kershaw-moore (May 17)
- <Possible follow-ups>
- Re: OSSTMM how good is it? baumgartner (May 16)
- Re: RE: OSSTMM how good is it? mythoughts (May 17)
- Re: RE: OSSTMM how good is it? offset (May 18)
- Re: RE: OSSTMM how good is it? T . Dudek (May 31)
- Re: RE: OSSTMM how good is it? offset (May 18)
- Re: RE: OSSTMM how good is it? stevearmstrong (May 18)