Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Reporting aspect of pen-testing
From: "Carlos Eduardo Pinheiro" <cabeca () gmx net>
Date: Sun, 30 Nov 2003 16:14:31 -0200

Hi guy,

You can find useful information at http://www.isecom.org/, they developed
some guidelines covering how to proceed a security audit ( including the
reporting part ) I hope it helps.
You can also take a look at an example report from core security (
http://www.core-sec.com/examples/core_example_1.pdf )


Carlos Eduardo Pinheiro - cabeca () gmx net
ICQ: 134439332

----- Original Message ----- 
From: "TJ O'Grady" <tjogrady () flyingwithouta net>
To: <pen-test () securityfocus com>
Sent: Sunday, November 30, 2003 11:08 AM
Subject: Reporting aspect of pen-testing

Hi folks,

I am putting together a pen testing proposal as part of my final
Master's project. If it's good enough, it will lead to a full pen test
of a real network. This list has been very helpful with the technology
background, but the part I am stuck on right now is the reporting
piece. When a pen-test is complete, what do you include in the report?
How do you structure the information for business contacts, I imagine
raw data is often not helpful  in many cases. Any hints or tips would
be greatly appreciated.

Thank you,



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]