RE: Pen Testing Map

From: Cure, Samuel J (scure@kpmg.com)
Date: Thu Jul 06 2006 - 22:53:50 EDT


Thank you for putting this map together. This is something that could
definitely evolve as a continuous pentest model for reference by
security professionals.

S_cure

-----Original Message-----
From: Art Cooper [mailto:acooper@innerwall.com]
Sent: Thursday, July 06, 2006 7:26 PM
To: Toggmeister@vulnerabilityassessment.co.uk;
pen-test@securityfocus.com
Subject: Re: Pen Testing Map

This is a very helpful matrix. Thanks.

Best Regards,
Coop

From: <Toggmeister@vulnerabilityassessment.co.uk>
Date: 6 Jul 2006 19:08:58 -0000
To: <pen-test@securityfocus.com>
Subject: Pen Testing Map

Hi,

   I've been pen testing for a few months now and find that with all the
tools out there and which tool to use on what I lose track. We also
have new joiners to our organisation and to help with that I've STARTED
to put together a help guide to a basic pen test, including what
requirements are need for the test, tools to use on what, syntax, links
to their sites etc..
I'm basically after:

Constructive Feedback

Helpful tips and pointers:

   Tools and Syntax for other ports not listed

   (I've done about 25 services so far)

   Other Suggestions

Its available here:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Its very busy, but I'm trying to be as verbose as possible to provide as
much info as possible. Basically a one-stop shop for a newbie

I've used freemind (thanks for the pointer nebs)
http://freemind.sourceforge.net/wiki/index.php/Main_Page

to generate this and I'm hoping may prove useful and a good reminder
when I forget.

Hope this helps. TIA

Toggmeister

http://www.vulnerabilityassessment.co.uk

------------------------------------------------------------------------

----
--
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
----
--
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------
*****************************************************************************
The information in this email is confidential and may be legally privileged.  It is intended solely for the addressee. Access to this email by anyone else is unauthorized. 
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.  
*****************************************************************************
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:13 EDT