How to start a Pen Test Consultancy ?
('binary' encoding is not supported, stored as-is)
Hi All !
I am thinking of starting my own Pen Test consultancy.
Though i can (arguably ;-) ) say that i am quite adept
at penetration testing and ethical hacking, i am not
aware of a "standardised technique" to conduct an audit.
I would appreciate if someone can give me some pointers
on this. If i break up my earliar question into smaller
ones...i'd like to know the following :
1. What tests to conduct ?
what all to check ? servers, routers, switches, applications, social engineering ??
2. Time Span ?
The ideal time span a pen tester should take to
conduct an audit ?
3. What if my audit leads to a dos on their website ?
i.e what are the do's and dont's when conducting
an audit on a live system ? best practises ?
legal stuff ?
4. Pen test report ?
what to include and what not ?
5. Money ;-) ?
How to determine a monetory equivalent for the
pen test conducted ? i.e how to bill the
customer ?? etc
6. If you can think of anything essential i missed
out ....please add !
I know i am almost asking you guys to write an "essay"
but i am sure this will be of help to lots of other
ppl who would one day like to start something of their
own.
Thanks in advance !
Vivek
Bangalore, India
(flames >> /dev/null)
This archive was generated by hypermail 2.1.7
: Sat Apr 12 2008 - 10:54:12 EDT