Re: Pen-Test requirements

["SD List" <list () security-database com>]

Hi,

You should take a look on Open Source Security Testing Methodology
(OSSTMM). It enumerates things to do or not to [ link;
http://www.osstmm.org or http://www.isecom.org ]

Also, guys from vulnerabilityassessment.co.uk has a very good checklist
(called Pre Site Inspection Checklist)
http://www.vulnerabilityassessment.co.uk/Presite%20Inspection.html

Hope this helps you out.

Security-Database.com Team



> I am chartered with having a connection pen-tested. I'm trying to
> determine the requirements for a statement of work for outsourcing.
>
> The objective of the pen-test is to validate technical controls that
> prevent unauthorized access to and from our network.
>
> Does anyone have a standard SOW for this type of testing?
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------