Penetration Testing mailing list archives
Pentest Criteria
From: "Kurt M. John" <kurt.md.john () gmail com>
Date: Wed, 01 Sep 2010 15:42:08 -0400
Hey guys,

Another question for you. Usually when we do pentests for our clients we report our findings and recommendations. We've never had to report the criteria our findings/vulnerabilities are based on as well. By criteria I mean industry standards or best practices, e.g., NIST 800-53, CoBIT, etc.

What if a client wants criteria reported as well? I'm not sure if there is one I can use without running the risk of it being too far removed. Is there a framework or best practice which lends itself to pentests? Or do I have to try to layer NIST on top of it?

Thoughts? Thanks guys.

Kurt M. John, CISA, C|EH, CPT
Current thread:
- Pentest Criteria Kurt M. John (Sep 03)
- Re: Pentest Criteria TAS (Sep 05)
- Re: Pentest Criteria Pete Herzog (Sep 07)
- Re: Pentest Criteria Wim Remes (Sep 08)
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Message not available
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Re: Pentest Criteria Wim Remes (Sep 08)
- Re: Pentest Criteria Pete Herzog (Sep 08)
- Message not available
- Re: Pentest Criteria Kurt M. John (Sep 09)
- RE: Pentest Criteria Cor Rosielle (Sep 09)
- Message not available
- Re: Pentest Criteria Pete Herzog (Sep 09)
- Re: Pentest Criteria Pete Herzog (Sep 07)
- Re: Pentest Criteria TAS (Sep 05)