Penetration Testing mailing list archives
Pen Test Basic Needs
From: "Stephane Auger" <sauger () pre2post com>
Date: Thu, 14 Jul 2005 12:31:28 -0400
Hi list, I recently sent this email on the security-basics list, and afterwards discovered this list. I thought I'd repost it, since this is probably the best place for it. A quick couple of questions out of curiosity... 1) If you had to do a pen-test, what type of information would you need to begin with? External IP? Web site name? Anything else I'm forgetting? 2) What tools would you use for the pen-test? Nessus, Snort, Cain&Abel. Anything else that would be useful? 3) Any good docs on where to start? I can find my way around once I'm in, but it's the first step that's the problem. 4) Any templates on good contracts to cover myself? This pen-test will probably be for a network, but also for a web site that's hosted elsewhere. Both the network's and the hosing site's owners are aware and ready to sign off on it, so I'm pretty much aware of the legal ramifications, which is why I'd love to see some contract templates. I'll be backed up by others, but would still like the info on how to start so I can prepare. Thanks everyone! Stephane
Current thread:
- Pen Test Basic Needs Stephane Auger (Jul 14)
- Re: Pen Test Basic Needs Kyle Maxwell (Jul 15)
- <Possible follow-ups>
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Security Professional (Jul 15)
- RE: Pen Test Basic Needs Stephane Auger (Jul 15)
- Re: Pen Test Basic Needs Saint Anthony (Jul 16)