Re: Pentest Letter of Achievement/Certificate

From: blowfish 448 (blowfish448@hotmail.com)
Date: Wed Jul 13 2005 - 04:33:10 EDT


Hi John,

I checked and in the current available OSSTMM 2.1 version there is a certain
'data sheet'
mentioned in the accreditation section. It says however in the document that
such data
sheet is only available in vs. 2.5 Which I could not trace back. After 2.1
the next one set
for release is 3.0. Do you know of such 2.5 version maybe?

Thanks

>From: John Kinsella <jlk@thrashyour.com>
>Reply-To: John Kinsella <jlk@thrashyour.com>
>To: blowfish 448 <blowfish448@hotmail.com>
>CC: pen-test@securityfocus.com
>Subject: Re: Pentest Letter of Achievement/Certificate
>Date: Tue, 12 Jul 2005 19:29:43 -0700
>
>I think http://www.isecom.org/osstmm/ might cover what you're looking
>for...
>
>John
>
>On Tue, Jul 12, 2005 at 10:52:42PM +0200, blowfish 448 wrote:
> > Hi,
> >
> > any of you know if any 'standards' or accepted guidelines exist for a
> > letter or certification
> > of succesfull resistance to Penetration Testing/Vulnerability
>Assessment.
> > Customers often
> > demand to have a proof delivered by their Penetration Test service
>provider
> > to show to their
> > partners and customers.
> >
> > The idea of course is not to disclose sensitive information but to
>briefly
> > describe
> > the environment tested and how - according to which methodologies and
>the
> > attack vectors
> > tested for.
> >
> >
> > Thanks in advance
> >
> >



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:32 EDT