Penetration Testing mailing list archives
RE: How to start a Pen Test Consultancy ?
From: "Tyler Markowsky" <tyler.markowsky () seccuris com>
Date: Thu, 6 Jan 2005 14:51:13 -0600
Some marketing-oriented stream of consciousness for our friend Vivek...

There certainly is a lot of demand in North America for information security consultants who can ensure networks containing personal and private information are secure (that is, essentially, why companies conduct Pen Tests). This demand continues to grow and could work to your advantage: many of the larger international corporations are expanding their labour forces abroad to include massive outsourcing arrangements in countries like India.

With that in mind, I would suggest you look into the privacy laws of those organizations who are outsourcing. For example: in Canada there are huge penalties for privacy violations mandated by the government (PIPEDA). In the States accountancy standards have just been expanded to include information security (Sarbanes-Oxley). You may be able to capitalize on those outsourcing arrangements, because despite the fact that much of the work is subcontracted, those companies are still liable to their home country's privacy standards!

Good luck with your venture Vivek!

Best,
Tyler Markowsky
Information Risk Analyst
SECCURIS
http://www.seccuris.com

***PLEASE DONATE MONEY FOR THE VICTIMS OF THE ASIAN TSUNAMI***
*Canadians: http://www.redcross.ca/ - The Canadian Gov will match Canadian citizens' donations until January 11th**

-----Original Message-----
From: Schisler Isaiah [mailto:schisler_isaiah () bah com]
Sent: Thursday, January 06, 2005 12:18 PM
To: pen-test () securityfocus com
Subject: RE: How to start a Pen Test Consultancy ?

As mentioned before http://www.isecom.org is a great place for open source pen-testing information and should be able to answer most of the questions that you've posed. One thing that you did forget to mention and will definitely need to be covered before doing any penetration testing is legal documentation (i.e. non-disclosure agreement, liability insurance, etc.).

The owner of the business you're trying to sell your service to is not going to just let anybody come on the network and start doing whatever they want to it. It may be easier to hire a lawyer that specializes in documents like that, or you can invest the time to do the research yourself. But you definitely want to have your butt covered before you start pen-testing someone's network.

-----Original Message-----
From: vivek_ece_iitg () yahoo co in [mailto:vivek_ece_iitg () yahoo co in]
Sent: Wednesday, January 05, 2005 11:49 PM
To: pen-test () securityfocus com
Subject: How to start a Pen Test Consultancy ?

Hi All !

I am thinking of starting my own Pen Test consultancy. Though I can (arguably ;-) ) say that I am quite adept at penetration testing and ethical hacking, I am not aware of a "standardised technique" to conduct an audit. I would appreciate if someone can give me some pointers on this. If I break up my earlier question into smaller ones... I'd like to know the following :

1. What tests to conduct ? What all to check ? Servers, routers, switches, applications, social engineering ??
2. Time Span ? The ideal time span a pen tester should take to conduct an audit ?
3. What if my audit leads to a DoS on their website ? i.e. what are the do's and don'ts when conducting an audit on a live system ? Best practices ? Legal stuff ?
4. Pen test report ? What to include and what not ?
5. Money ;-) ? How to determine a monetary equivalent for the pen test conducted ? i.e. how to bill the customer ?? etc.
6. If you can think of anything essential I missed out .... please add !

I know I am almost asking you guys to write an "essay" but I am sure this will be of help to lots of other ppl who would one day like to start something of their own.

Thanks in advance !

Vivek
Bangalore, India
(flames >> /dev/null)