From: Chuck Fullerton (chuckf69@ceinetworks.com)
Date: Thu Jan 06 2005 - 11:10:05 EST
www.isecom.org
Check out the OSSTMM.
Chuck F.
-----Original Message-----
From: vivek_ece_iitg@yahoo.co.in [mailto:vivek_ece_iitg@yahoo.co.in]
Sent: Thursday, January 06, 2005 2:49 AM
To: pen-test@securityfocus.com
Subject: How to start a Pen Test Consultancy ?
Hi All !
I am thinking of starting my own Pen Test consultancy.
Though i can (arguably ;-) ) say that i am quite adept
at penetration testing and ethical hacking, i am not
aware of a "standardised technique" to conduct an audit.
I would appreciate if someone can give me some pointers
on this. If i break up my earliar question into smaller
ones...i'd like to know the following :
1. What tests to conduct ?
what all to check ? servers, routers, switches, applications, social
engineering ??
2. Time Span ?
The ideal time span a pen tester should take to
conduct an audit ?
3. What if my audit leads to a dos on their website ?
i.e what are the do's and dont's when conducting
an audit on a live system ? best practises ?
legal stuff ?
4. Pen test report ?
what to include and what not ?
5. Money ;-) ?
How to determine a monetory equivalent for the
pen test conducted ? i.e how to bill the
customer ?? etc
6. If you can think of anything essential i missed
out ....please add !
I know i am almost asking you guys to write an "essay"
but i am sure this will be of help to lots of other
ppl who would one day like to start something of their
own.
Thanks in advance !
Vivek
Bangalore, India
(flames >> /dev/null)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT