From: Rosado, Rafael (Rafael) (rarosado@lucent.com)
Date: Thu Mar 04 2004 - 15:52:55 EST
Thomas,
You could also consider:
* SECURITY PENETRATION TESTING GUIDELINE: A Chapter of the Handbook for the
Computer Security Certification of Trusted Systems (US Navy)
Rafael Rosado, CISSP, CISA
IT Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue
Miramar, Florida 33027
Office: 954-885-2176
Facsimile: 954-885-3861
Email: rarosado@lucent.com
This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legal privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.
-----Original Message-----
From: Thomas Kerbl [mailto:thomas.kerbl@fh-hagenberg.at]
Sent: Thursday, March 04, 2004 1:09 PM
To: pen-test@securityfocus.com
Subject: Standards for penetration testing
Hello list,
I'm currently doing some research for my thesis on penetration testing
methods. Therefor I'm looking for widely used standards in this area.
Here a collection of what I've already found:
* OSSTMM - Open Source Security Testing Methodology Manual
* Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
* NIST Guideline on Network Security Testing (special publ. 800-42)
I tried (additional to google search) to find further standards in RFC
repositories, the IEEE publication database, CERT, the ITIL website and of
course the securityfocus archive. I couldn't find much usefull information
on the penetration-test topic. Of course there are many great security
ressources, but not exactly the information I was looking for.
Can anyone point me to other standards for penetration testing? If there are
any other "must-read" papers (like ISO17799 for example) out there, they are
also welcome. I can make use of english and german documents.
tia,
Thomas Kerbl
-- ~ FH-Hagenberg: Computer & Media Security ~ http://cms.fh-hagenberg.at ~ my GPG key ID: 0x924042D1 --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT