RE: An idiot question

From: Omar Prunera Dols (oprunera@salleURL.edu)
Date: Thu Oct 28 2004 - 11:13:08 EDT

• Next message: Peadro, Jeff (AIS): "RE: TS/3389 risk on Internet"
• Previous message: Keith T. Morgan: "RE: TS/3389 risk on Internet"
• In reply to: Todd Towles: "RE: An idiot question"
• Next in thread: Richard Zaluski: "RE: An idiot question"
• Reply: Richard Zaluski: "RE: An idiot question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all,

I totally agree with Todd with his definition of pen-testing (Pen-test is
like controlled hacking...), but when he says that there's no "exactly how
to do it manual", i would say that's not 100% correct. Have your ever
heard about OSSTMM?. This is the Open Source Security Testing Methodology
Manual, and is not a "how to do manual" but is a good guideline to perform
correctly a security test.

I recommend you to take a look at http://isecom.org and to the OSSTMM

See you

On Tue, 26 Oct 2004, Todd Towles wrote:

> Run over to insecure.org and look at all the tools. Pen-test is like
> controlled hacking...there is no "exactly how to do it manual" and to
> tell you the truth, there really shouldn't be one.
>
> Read, read read....and then..do do do in a controlled world. Reading
> everything in sight can get you to the door with the information but
> only "doing" can step you into the other room.
>
> > -----Original Message-----
> > From: Profeta [mailto:profetago@bol.com.br]
> > Sent: Tuesday, October 26, 2004 10:31 AM
> > To: pen-test@securityfocus.com
> > Subject: An idiot question
> >
> > Is there some sites that given an arsenal of tools to realize
> > pen tests ? I know that www.packetstormsecurity.nl is a good
> > start, but, there is another site that is more expecific to
> > download some tools ? Thanks the attention!
> >
> > Pr0ph3t
> >
> > --------------------------------------------------------------
> > ----------------
> > Internet Security Systems. - Keeping You Ahead of the Threat
> >
> > When business losses are measured in seconds, Internet
> > threats must be stopped before they impact your network. To
> > learn how Internet Security Systems keeps organizations ahead
> > of the threat with preemptive intrusion prevention, download
> > the new whitepaper, Defining the Rules of Preemptive
> > Protection, and end your reliance on reactive security technology.
> >
> > http://www.securityfocus.com/sponsor/ISS_pen-test_041001
> > --------------------------------------------------------------
> > -----------------
> >
> >
>
> ------------------------------------------------------------------------------
> Internet Security Systems. - Keeping You Ahead of the Threat
>
> When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.
>
> http://www.securityfocus.com/sponsor/ISS_pen-test_041001
> -------------------------------------------------------------------------------
>
>

Sincerely,
-omar.

Omar Prunera i Dols

Networking Dept. - Security Area
Enginyeria i Arquitectura La Salle

Homepage: http://omar.squarespace.com
E-mail: oprunera@salleurl.edu
        omar@isecom.org
        omar@ideahamster.org
        oprunera@gmail.com

• Next message: Peadro, Jeff (AIS): "RE: TS/3389 risk on Internet"
• Previous message: Keith T. Morgan: "RE: TS/3389 risk on Internet"
• In reply to: Todd Towles: "RE: An idiot question"
• Next in thread: Richard Zaluski: "RE: An idiot question"
• Reply: Richard Zaluski: "RE: An idiot question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:08 EDT