Possibly a different methodology for network testing

From: Steve Armstrong (stevearmstrong@logicallysecure.com)
Date: Fri Jul 21 2006 - 19:55:19 EDT

• Next message: Omar A. Herrera: "RE: Possibly a different methodology for network testing"
• Previous message: Erin Carroll: "Moderator duties satisfaction survey"
• Next in thread: Omar A. Herrera: "RE: Possibly a different methodology for network testing"
• Reply: Omar A. Herrera: "RE: Possibly a different methodology for network testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks to everyone who pointed out the various Methodologies as I looked
for crossover from what I believe may be a different/alternate method of
undertaking testing.
 
I have thrown together some bits on how I believe a Vulnerability test
should be undertaken, ensuring that the risks are assessed based upon
the network configuration, data movement profile and basic design of why
the network exists at all.
 
I still believe it is different to the OSSTMM, OWASP and NSA based
methodologies, and if I get a confirmation from these lists that my
thinking is correct, I will develop this further, with diagrams, flow
charts and templates.
 
http://www.logicallysecure.com/forum/viewtopic.php?t=192
 
I have derived this not because I believe these methodologies are
lacking, but that I believe they fulfil different needs.
 
Anyway , please let me know your thoughts, public or otherwise.
 
Yes I understand there is not much meat on it, but I am still confirming
if my thoughts are different from other methodologies.
 
Steve A
 
(nebs)
 
Thank you for all your time and help.
 
The links are to my forum with both a Mind map and a word document. The
mind map software is open source and can be obtained from here:
http://freemind.sourceforge.net/wiki/index.php/Main_Page
 
 
 

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Omar A. Herrera: "RE: Possibly a different methodology for network testing"
• Previous message: Erin Carroll: "Moderator duties satisfaction survey"
• Next in thread: Omar A. Herrera: "RE: Possibly a different methodology for network testing"
• Reply: Omar A. Herrera: "RE: Possibly a different methodology for network testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:22 EDT