From: espen@multigeeks.com
Date: Mon Oct 02 2006 - 15:34:33 EDT
Quoting "Jürgen R. Plasser" <plasser@hexagon.at>:
> Hi All,
>
> How do you document and log the pentest session itself?
>
> I want to document the pentest process in detail, not only for the
> customer, but for later reviews and to avoid legal difficulties.
>
> What are the best tools to accomplish that or do you even record the
> sessions on video with a camcorder? Or some kind of screen recorder?
>
> Thanks,
>
> Jürgen
>
>
Hi,
I'm not sure how it's *really* done, but one piece of advice would be to just
keep a little "diary"/log of everything you've done, including:
- Your planning
- Tools used
- Methods used
- Problems faced, how you "solved" them
- Results
- (Also timestamps etc., how much time you spent to do that and that)
I also think that the report should be written (and presented?) in
such a way that "anyone" could understand it, not just people who are
familiar with security and technical stuff. (Though, not *too*
simplified.)
Just my two cents.
(Excuse my English)
Regards,
Espen
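
The diary suggested in the reply above, sketched as an added example that is not part of the original post: each entry carries the listed items plus a timestamp. Chaining the entries by hash is an assumption added here so a later review can tell whether the log was edited; the field names and sample entries are constructed.

```python
import hashlib, json
from datetime import datetime, timezone

FIELDS = ("phase", "tool", "method", "problem", "result", "minutes")
GENESIS = "0" * 64  # 'prev' value of the first entry

def _digest(entry):
    # Hash every field except the digest itself, in canonical JSON form.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, when=None, **fields):
    """Append one diary entry; 'when' defaults to the current UTC time."""
    unknown = set(fields) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    entry = {k: fields.get(k, "") for k in FIELDS}
    entry["minutes"] = int(fields.get("minutes", 0))
    entry["time"] = (when or datetime.now(timezone.utc)).isoformat()
    entry["prev"] = log[-1]["hash"] if log else GENESIS
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify(log):
    """Return the index of the first altered or out-of-chain entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None

def minutes_by_phase(log):
    """Total time spent per phase, for the 'how much time' item."""
    totals = {}
    for e in log:
        totals[e["phase"]] = totals.get(e["phase"], 0) + e["minutes"]
    return totals

def build_sample():
    # Constructed sample entries, not taken from a real engagement.
    t = datetime(2006, 10, 2, 9, 0, tzinfo=timezone.utc)
    log = []
    append_entry(log, when=t, phase="planning", method="scope review", minutes=45)
    append_entry(log, when=t.replace(hour=10), phase="scanning", tool="port scanner",
                 problem="scan throttled", result="11 open ports", minutes=60)
    append_entry(log, when=t.replace(hour=11), phase="scanning", tool="port scanner",
                 method="rescan at lower rate", result="2 more ports", minutes=30)
    return log
```

Record the final entry's hash somewhere outside the log file, for example in the report, since a chain kept only alongside the entries can be regenerated in full.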
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:04 EDT