RE: Penetration Testing Reports

From: Debasis Mohanty (mail@hackingspirits.com)
Date: Sun Apr 02 2006 - 14:20:07 EDT

• Next message: Curt Purdy: "RE: [lists] Re: About AsyncOS from IronPort"
• Previous message: Al: "Save hundreds on drugs, NO prescription required"
• In reply to: rkraus@telcomtex.net: "Penetration Testing Reports"
• Next in thread: sherwyn williams: "Penetration Testing Password via Wireless Access"
• Reply: sherwyn williams: "Penetration Testing Password via Wireless Access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Nearly 1.5 yrs back, I wrote a paper on PenTesting. You can find a brief
overview of a pentest report structure in the presentation. Look for
"Demystifying Penetration Testing" @
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp.

Soon I'll make my personal pentest report public. Keep an eye...

Regards,
Debasis

-----Original Message-----
From: rkraus@telcomtex.net [mailto:rkraus@telcomtex.net]
Sent: Thursday, March 30, 2006 9:24 AM
To: pen-test@securityfocus.com
Subject: Penetration Testing Reports

Hey all,

I am looking to put together some reports for client that give a outline of
what vulnerabilities were found on his network. I know I could just print
out the Nessus and LanGuards scans and present that, but I think that alone
is kind of cheesy.

Is there anyplace that I can get a example of a vulnerability assessment
report, for external and internal audits? I dont want to re-create the
wheel, I am sure someone already has on put together.

Any help would be greatfull, I have docs put together for my HIPAA audits,
but none for Pen Tests.

Thanks for any help!!!

Even an example of a good one would be great, i can recreat it and format it
to my companys style guide to make it our own :-)

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------

• Next message: Curt Purdy: "RE: [lists] Re: About AsyncOS from IronPort"
• Previous message: Al: "Save hundreds on drugs, NO prescription required"
• In reply to: rkraus@telcomtex.net: "Penetration Testing Reports"
• Next in thread: sherwyn williams: "Penetration Testing Password via Wireless Access"
• Reply: sherwyn williams: "Penetration Testing Password via Wireless Access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:47 EDT