Re: Reporting aspect of pen-testing

From: Carlos Eduardo Pinheiro (cabeca@gmx.net)
Date: Sun Nov 30 2003 - 13:14:31 EST


Hi guy,

You can find useful information at http://www.isecom.org/; they developed
some guidelines covering how to proceed with a security audit (including the
reporting part). I hope it helps.
You can also take a look at an example report from Core Security
(http://www.core-sec.com/examples/core_example_1.pdf).

Regards,

Carlos Eduardo Pinheiro - cabeca@gmx.net
ICQ: 134439332

----- Original Message -----
From: "TJ O'Grady" <tjogrady@flyingwithouta.net>
To: <pen-test@securityfocus.com>
Sent: Sunday, November 30, 2003 11:08 AM
Subject: Reporting aspect of pen-testing

> Hi folks,
>
> I am putting together a pen testing proposal as part of my final
> Master's project. If it's good enough, it will lead to a full pen test
> of a real network. This list has been very helpful with the technology
> background, but the part I am stuck on right now is the reporting
> piece. When a pen-test is complete, what do you include in the report?
> How do you structure the information for business contacts? I imagine
> raw data is often not helpful in many cases. Any hints or tips would
> be greatly appreciated.
>
> Thank you,
> TJ
>
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT