RE: Pen Test Basic Needs

From: Stephane Auger (sauger@pre2post.com)
Date: Fri Jul 15 2005 - 14:22:24 EDT


Let's say that it's not zero knowledge, but close. Only the information
to get to the entry points, and that's it. I want to figure out as much
as possible by myself.

As for the methodology, I guess the links and documents everyone has
sent me so far should be much help for that.

 

-----Original Message-----
From: Kyle Maxwell [mailto:krmaxwell@gmail.com]
Sent: July 15, 2005 1:54 PM
To: Stephane Auger
Cc: pen-test@securityfocus.com
Subject: Re: Pen Test Basic Needs

On 7/14/05, Stephane Auger <sauger@pre2post.com> wrote:
> 1) If you had to do a pen-test, what type of information would you
> need to begin with? External IP? Web site name? Anything else I'm
> forgetting?

Depends on what the client wants -- is this 'zero knowledge'? What's
fair game? This is part of the scope determination.

> 2) What tools would you use for the pen-test? Nessus, Snort,
> Cain&Abel. Anything else that would be useful?

Not really sure what use Snort would be. That said, you should first
have a basic methodology for the test (footprint, enumeration, etc.),
and *that* will drive your tools. Putting the tools ahead of the
process is asking for trouble.

-- 
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwell@gmail.com]

