|
Penetration Testing
mailing list archives
Re: [PEN-TEST] Sample penetration report
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 22 Aug 2000 17:23:53 -0700
Here is an outline that has been used by several different organizations
over the years and in some cases still being used by some of the larger
type security consulting practices:
Executive Summary
Findings
Recommendations
Introduction
Purpose and Scope
Network Map .
Remote Dial-in Map
Findings and Recommendations
Organizational and Procedural Issues
Network Security Responsibility
Internal Restrictions
Network-Wide Vulnerabilities
Firewall
Intrusion Detection and Security Monitoring
Host Vulnerabilities
Dial-in Vulnerabilities
Password Issues
Network Vulnerabilities
Recommendations
Industry Best Practices
Network Considerations
Network Addressing
Firewalls
Automated Systems
Intrusion Detection and Security Monitoring
Vulnerability Scanning
Host Considerations
System Banners
Dial-in Access
Remote Management of Network Infrastructure Devices
Centralized Security Authority
Informational Services
User Authentication .
Passwords
Password Administration
Password Structure and Policy
Appendix
Assessment Process Overview
Background
Security as an Operational Process
Security Posture Defined
Assessment Process
Network Discovery
Target System and Vulnerability Identification
Data Analysis and Security Design Review
At 03:46 PM 8/21/00 -0400, Christopher M. Bergeron wrote:
Can anyone point me to a sample penetration test / vulnerability analysis
report somewhere? What types of things does one usually put in such a
report?
 By Date 
By Thread
Current thread:
|
Intro
