From: Jonathan Rickman (jonathan@xcorps.net)
Date: Sun Aug 24 2003 - 15:14:10 EDT
On Saturday 23 August 2003 15:57, Gerald Cody Bunch wrote:
> This may or may not be 100% on topic, but I believe that it would fit in
> good. From what I have read pen-tests are supposedly well documented
> from the start (or should be) and some form of report generated at the
> end. My question is, what templates/procedures do the members of this
> list use? Are there any standards for documentation, and/or publicly
> available templates/procedures?
I follow the OSSTM Manual. Not quite to the letter, but pretty close. As for
pre and post test documentation, I have my own document templates for
several different lines of business.
http://www.isecom.org/projects/osstmm.htm
-- Jonathan Rickman X Corps Security http://www.xcorps.net --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT