|
Penetration Testing
mailing list archives
RE: hacking challenges
From: "Yonatan Bokovza" <Yonatan () xpert com>
Date: Mon, 5 Jul 2004 12:17:14 +0300
-----Original Message-----
From: gilles.lami () hays-dsia fr [mailto:gilles.lami () hays-dsia fr]
Sent: Friday, July 02, 2004 11:19
To: pen-test () securityfocus com
Subject: hacking challenges
Hello,
What do you think about the numerous hacking challenges
present on the web
?
Do you think a good pen-tester should (or must ?) do these
games and pass
all levels of each one ?
If so, well ... Why ? (Even if the answer of this question could be
obvious).
Some of these challenges are pretty good in representing
real-world scenarios, and some are pretty bad. There is a lot
more to penetration testing than these challenges, but a good
penetration tester should be able to deal with most of them.
Another thing very different, and i am sorry for this
question i guess most
of you must have already ridden several times:
I have to build an action plan to specify how to react after
a successfull
hacking has been detected or suspected ( on a Windows or Unix
machine for
the moment )
What good readings could you advise ?
That is a topic called "Incident Handling". There is a different securityfocus
mailing list for that, and I'd recommend reading CERT's CSIRT
(Computer Security Incident Response Team) FAQ
http://www.cert.org/csirts/csirt_faq.html
and CSIRTs handbook:
http://www.cert.org/archive/pdf/csirt-handbook.pdf
Best Regards,
Yonatan Bokovza
IT Security Consultant
Xpert Systems
 By Date 
By Thread
Current thread:
| 
Intro
