Home page logo
/

pen-test logo Penetration Testing mailing list archives

Possibly a different methodology for network testing
From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Sat, 22 Jul 2006 00:55:19 +0100

Thanks to everyone who pointed out the various Methodologies as I looked
for crossover from what I believe may be a different/alternate method of
undertaking testing.
 
I have thrown together some bits on how I believe a Vulnerability test
should be undertaken, ensuring that the risks are assessed based upon
the network configuration, data movement profile and basic design of why
the network exists at all.
 
I still believe it is different to the OSSTMM, OWASP and NSA based
methodologies, and if I get a confirmation from these lists that my
thinking is correct, I will develop this further, with diagrams, flow
charts and templates.
 
http://www.logicallysecure.com/forum/viewtopic.php?t=192
 
I have derived this not because I believe these methodologies are
lacking, but that I believe they fulfil different needs.
 
Anyway , please let me know your thoughts, public or otherwise.
 
Yes I understand there is not much meat on it, but I am still confirming
if my thoughts are different from other methodologies.
 
Steve A
 
(nebs)
 
Thank you for all your time and help.
 
The links are to my forum with both a Mind map and a word document.  The
mind map software is open source and can be obtained from here:
http://freemind.sourceforge.net/wiki/index.php/Main_Page
 
 
 

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]