Penetration Testing mailing list archives

Re: pentest documentation


From: espen () multigeeks com
Date: Mon, 2 Oct 2006 21:34:33 +0200

Quoting "Jürgen R. Plasser" <plasser () hexagon at>:

Hi All,

How do you document and log the pentest session itself?

I want to document the pentest process in detail, not only for the
customer, but for later reviews and to avoid legal difficulties.

What are the best tools to accomplish that or do you even record the
sessions on video with a camcorder? Or some kind of screen recorder?

Thanks,

Jürgen



Hi,

I'm not sure how it's *really* done, but one piece of advice would be to just keep a little "diary"/log of everything you've done, including:

- Your planning
- Tools used
- Methods used
- Problems faced, how you "solved" them
- Results
- (Also timestamps etc., how much time you spent doing this and that)

I also think that the report should be written (and presented?) in such a way that "anyone" could understand it, not just people who are familiar with security and technical stuff. (Though, not *too* simplified.)


Just my two cents.


(Excuse my English)


Regards,
Espen


