Penetration Testing: Re: Pentest Letter of Achievement/Certificate

["blowfish 448" <blowfish448 () hotmail com>]

Hi John,

I checked and in the current available OSSTMM 2.1 version there is a certain 
'data sheet'
mentioned in the accreditation section. It says however in the document that 
such data
sheet is only available in vs. 2.5 Which I could not trace back. After 2.1 
the next one set
for release is 3.0. Do you know of such 2.5 version maybe?


Thanks


> From: John Kinsella <jlk () thrashyour com>
> Reply-To: John Kinsella <jlk () thrashyour com>
> To: blowfish 448 <blowfish448 () hotmail com>
> CC: pen-test () securityfocus com
> Subject: Re: Pentest Letter of Achievement/Certificate
> Date: Tue, 12 Jul 2005 19:29:43 -0700
>
> I think http://www.isecom.org/osstmm/ might cover what you're looking
> for...
>
> John
>
> On Tue, Jul 12, 2005 at 10:52:42PM +0200, blowfish 448 wrote:
> > Hi,
> >
> > any of you know if any 'standards' or accepted guidelines exist for a
> > letter or certification
> > of succesfull resistance to Penetration Testing/Vulnerability 
> Assessment.
> > Customers often
> > demand to have a proof delivered by their Penetration Test service 
> provider
> > to show to their
> > partners and customers.
> >
> > The idea of course is not to disclose sensitive information but to 
> briefly
> > describe
> > the environment tested and how - according to which methodologies and 
> the
> > attack vectors
> > tested for.
> >
> >
> > Thanks in advance
> >
> >