Re: RE: OSSTMM how good is it?

From: mythoughts@aboutosstmm.com
Date: Tue May 16 2006 - 20:38:39 EDT


('binary' encoding is not supported, stored as-is) I find this thread interesting because I have never seen an OSSTMM that has actually been finished, yet I have never seen any negative comments relating to it.

I think that it is a fantastic high level guide, but to actually use the methodology takes a huge amount of effort to figure out how to technically perform each of the steps.

I understand that it is supposed to be "upto the creativity of the pen tester" to figure out how to attack a target, but this doesn't provide a consistent result between pen testers, which is what the whole methodology is supposed to do - provide a consistent and comparable result for a client.

I haven't had a thorough look at ISSAF yet, but was impressed with the detail that it provides.

I am interested to hear what others think in relation to these comments.

Anon

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:58 EDT