
Penetration Testing mailing list archives

Pentest Criteria
From: "Kurt M. John" <kurt.md.john () gmail com>
Date: Wed, 01 Sep 2010 15:42:08 -0400

Hey guys,

Another question for you. Usually when we do pentests for our clients we
report our findings and recommendations. We've never had to report the
criteria our findings/vulnerabilities are based on as well. By criteria
I mean industry standards or best practices, e.g., NIST 800-53, COBIT,

What if a client wants criteria reported as well? I'm not sure if there
is one I can use without running the risk of it being too far removed.
Is there a framework or best practice which lends itself to pentests?
Or do I have to try to layer NIST on top of it?


Thanks guys.

Kurt M. John, CISA, C|EH, CPT

Sent from my HTC on the Now Network from Sprint!
