Penetration Testing Methodologies

From: Adriel T. Desautels (atd@secnetops.com)
Date: Tue Dec 14 2004 - 11:19:45 EST


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings List,
        I am interested in collecting ideas as to what people feel an ideal
penetration test is. What does the ideal methodology look like and
what are the goals? I am asking you this because I have been running
into interesting issues in certain markets. It would appear that some
people view penetration tests as nothing more then basic network
vulnerability audits while others view a penetration test for what it
is, a test designed to compromise target systems as PoC of
vulnerability.

        How do people feel about the use of automated tools and the weights
of their results? What about manual or custom testing? We have our
own methodology that we use for testing our client networks, but I am
always interested in learning what else might be done. I'd be happy
to engage anyone in a conversation about this subject.

Regards,
    Adriel T. Desautels
    Secure Network Operations, Inc.
    -----------------------------------------
    Office: 978-263-3829 Cell: 978-697-2946
    http://www.secnetops.com

CAUTION: The information contained in this mail message is
confidential and may be legally privileged. No confidentiality or
privilege is waived or lost by any mistransmission. If the reader of
this message is not the intended recipient, you are hereby notified
that any use, dissemination, or reproduction of this message is
prohibited. If you have received this message in error please notify
the sender immediately by email and destroy the original message.
Thank you

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: http://www.secnetops.com

iQA/AwUBQb8SQ7R5YB3MHZrzEQIs4QCgh/nnbznNp7MgI8lBTWQfCr+xlTkAn1yk
ZZu2wdM22W3VbqMr2HF2obEx
=DQTm
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT